karl@asylum.SF.CA.US (Karl Auerbach) (12/20/89)
In article <32337@news.Think.COM> barmar@Think.COM writes:

>And what happens when a machine using two-party authentication tries to
>talk to one that requires a third party?

Communication fails. What's wrong with that?

If you follow your logic you reach an absurd situation: Until things are perfect, nothing ought to be done, and perfection will take an infinite amount of time to reach, so let's not do anything.

All I am trying to point out in this whole sequence of messages is that there is merit in trying to reach a solution a step at a time rather than trying to do it in one giant leap forward. (And in the area of security, I do not believe everyone wants to land in the same spot.)

The blind rejection of Kerberos by some members of this list is a frightful thing.

Yes, we "ultimately" want universal inter-pluggability and inter-workability. But we simply are not smart enough yet to do it, OSI notwithstanding.

If some folk do not agree with my opinion in the previous paragraph they ought to demonstrate, repeat *demonstrate* me wrong. I'd be happy to see a working, repeat *working* demonstration that I am wrong. But I would request that those people do their work quietly, in the background, without trying to force their experiments (even paper experiments) on me, my company, or my government by calling their experiment an "International Standard."

>Rather than having multiple standards, there should be one standard with
>several modes. A good example is TELNET, which is a single standard but
>has option negotiation that can vary the protocol.

That's a good example. Telnet itself just provides a framework to trigger option negotiations. The options themselves have been proposed over the years, as someone got a good idea (new options are being developed even today.) And many options that the original developers thought important have been ignored.

In other words, one of the strengths of Telnet is that the developers did not undertake to design the perfect, ultimate protocol. Rather they built one that could be extended. So simple basic Telnet now has options for 3270 emulation, special line-mode processing, normal full-duplex. In fact one could even add in-session security challenges.

Anyway, I think I've made my point, so I'll be a good kid and be quiet for a while.

Have a good Christmas/New Years everyone!

--karl--