Duke, do you know anything at all, or do you just like to read your own posts? The "answers" you gave are the goofiest things I've read in a long time. In case you're serious, and the post isn't a joke, I'll respond to a few points.
3. How can Microsoft claim trade secrecy for a protocol that is distributed over the Internet?
---a trade secret is a trade secret, no matter who shouldn't know it.
4. What measures has Microsoft taken to protect the trade secrecy of its Kerberos specification beyond the use of a click-wrap license agreement?
---who says they need to do more than try to keep others from stealing secrets.
5. What measures has Microsoft taken to ensure that its Kerberos specification is only distributed to persons who are capable of entering into a binding contract in jurisdictions where such an agreement would be enforceable?
---this is sort of like the Rapist claiming that the victim deserved it because no one would be so stupid as to go out walking alone on a dark night.
There have been several court rulings on trade secrets and the amount of protection the holders must put on them for them to be considered a trade secret. Posting a document on the Web for anonymous download means they have not taken adequate precautions, and the "trade secrets" are not legally trade secrets. If your argument is that the MS Kerberos spec is a trade secret because MS says it is, and the laws be damned, well, that works in the Republic of Microsoft, and maybe on these boards, but the law is quite clear on the subject.
7. Why wouldn't prospective purchasers of Windows 2000 need to know the contents of Microsoft's Kerberos specification in order to make informed judgments regarding interoperability in connection with their purchasing decisions?
---Because, stupid, it's a Code! You don't pass out the Key to others to see if they like it. (although, I will give you that that's what Linux does :)))
Do you know anything at all about security? The only encryption algorithm I know of where the algorithm is not publicly available is the Skipjack cipher (invented by the NSA, and implemented in the Clipper chip), and it's not used. Any cipher that is used is well documented and well analyzed, and that includes DES, Triple-DES, Blowfish, RC-5, Twofish, Mars, etc., as well as all authentication standards. Proprietary security protocols are inherently untrustworthy and are not used by anyone with any knowledge of security. Kerberos is well known, works well, and is believed secure, but any unpublished extensions could introduce security holes. It's just not done by anyone who cares about security.
-Russ