Re: New proposal from Ronald J. Fitzherbert
- Date: Tue, 3 Dec 1996 11:32:33 -0800 (PST)
- From: Kent Crispin <kent@songbird.com>
- Subject: Re: New proposal from Ronald J. Fitzherbert
Perry E. Metzger allegedly said:
> Kent Crispin writes:
> > Kerberos would be a poor choice to use across the internet, IMO.
>
> Why? I use it all the time. Works fine, as advertised. What's the exact
> problem with it?
I use it all the time, also. Yes, it does work. It's a huge chunk of
code. It has had several security flaws, as you know -- not
surprising for a very large system like that. It doesn't yet support
PK for key distribution (though I just saw notice of an ietf-draft on
the subject). The fundamental design is "put all your eggs in one
basket, then guard the basket", which is fine when the eggs are small
and easy to watch, but Kerberos has many big eggs (if I may stretch
the metaphor...)
> > [about Oracle]
> > This is an *enterprise* networking solution, and making an *Internet*
> > networking solution out of it is a stretch.
>
> What does that mean? You think the software won't work because the
> machines have a bit of distance between them?
No -- it's that the basic authentication method is cleartext
passwords, and to get more you get the "Advanced Networking Option"
which requires you to install something like DCE...
> > > The only reason this isn't practical as a standard is that we really
> > > need an open protocol, for a wide variety of reasons. However, for a
> > > cooperating group of registries trying to operate a shared lock
> > > database, this would be perfectly practical tomorrow morning.
> >
> > We will have to agree to disagree about this, Perry. To me, using
> > Oracle to get a shared lock is like buying a Cray to balance your
> > checkbook.
>
> If you want to manage a centralized database, the products you use for
> this purpose are *database* packages. I fail to see how this is
> overkill.
Perry, chisel this in stone and put it over your desk: I don't want to
manage a centralized database.
I want to manage a distributed, multiplatform database, and just use
one tiny bit of locking for a very specific purpose. The tinier I can
make that piece the better I like it.
> Anyway, as I've said, "buy Oracle" isn't an RFC. We need an open
> standard. However, there is little doubt in my mind that a DBMS is
> more or less "the right thing" for the job, probably with an open
> protocol veneer on top.
>
> BTW, this is the last message I'm sending on this topic. I've made my
> point.
OK. Me too. Thanks for the stimulating discussion.
--
Kent Crispin "No reason to get excited",
kent@songbird.com,kc@llnl.gov the thief he kindly spoke...
PGP fingerprint: 5A 16 DA 04 31 33 40 1E 87 DA 29 02 97 A3 46 2F