NESSETT@CCC.NMFECC.GOV (12/16/89)
Jon Rochlis writes:

> Certificates have major advantages, it is true. However the choice of
> an asymmetric encryption algorithm (i.e. RSA) creates tremendous
> legal/financial problems, while the use of DES trumps those. So far
> the only public arrangements with RSADI (who controls the
> RSA patent) are for the Internet e-mail keys (at $25 a user / per 2
> years). Nobody knows what arrangements can be had for any other use.
> While I believe the RSA problems only apply within the US (and exclude
> the government and MIT), that still leaves a lot of people with
> serious exposure if they elect to go the X.509 route ... whereas they
> can go with Kerberos now and not pay anybody any money.

Those concerned with the cost per user of $25 / 2 years for a certificate may wish to calculate the costs of maintaining a centralized KDC (including, of course, administration costs associated with installing users in the password database, such as deciding whether a user is allowed in the database at all).

It also may interest those concerned with using RSA that NIST (née NBS) is currently working on standardizing an asymmetric encryption algorithm. There are several candidates for this standard, one of which is RSA. It seems that the government is willing to standardize patented "processes" (technically, you can't patent algorithms) as long as the cost of using those "processes" is reasonable.

Dan Nessett

jis@ATHENA.MIT.EDU (Jeffrey I. Schiller) (12/16/89)
> Those concerned with the cost per user of $25 / 2 years for a certificate may
> wish to calculate the costs of maintaining a centralized KDC (including, of
> course, administration costs associated with installing users in the password
> database, such as deciding whether a user is allowed in the database at all).

To add my two bits... The $25 / 2 years doesn't include the cost associated with the administrative overhead of allocating certificates through the methods proposed in the t-mail RFCs. This has got to be a lot higher than using Kerberos, for with Kerberos a site can do all its administration electronically (through the admin tools) whereas with RSA, there is paperwork involved in dealing with RSADSI.

Revocation is also an important cost. For all practical purposes all one needs to do with Kerberos if one's password is compromised, is to change it. After the longest ticket lifetime, credentials are effectively revoked. With certificates another paperwork process must be initiated to sign a new certificate (I don't know whether or not more $$$ are also needed) and a revocation list must be updated (and delivered to the services that accept certificates).

MIT's Project Athena effectively gives credentials to all undergraduate students who request them. Furthermore in this environment there is a reasonable number of password change requests per day (where someone has forgotten their password and has to have it administratively changed). With Kerberos authentication we use a special application that allows new users to be automatically added to the authentication database given the knowledge of their name and MIT ID number. A separate database of names and ID numbers is consulted to verify if in fact the requester is a student, and they don't already have a credential (thus their name and ID number are in effect a "weak" credential). If they forget their password they need to contact the "Accounts Consultant" to have it changed.

Needless to say the cost per user (about 10,000 users are registered) is quite small. If we used certificates we would have to scrap our automated account creation software (or teach it how to write checks and mail them :-) ) and replace it with a manual, and therefore costly in staff time, system. Our revocation list would also be quite large. In this environment the cost differential between Kerberos, a "free" system, and RSA-based certificates is quite large.

-Jeff