To: Kenneth E. Phillipps who wrote (33523) 4/7/2000 1:00:00 PM
From: ericneu

OT - Zoltan & LawDog,

What is Microsoft trying to accomplish by changing the code in Kerberos - the encryption technology - in Windows 2000?

---

There's a lot of FUD around this issue. "Changing the code in Kerberos" did not happen. Here's a copy of a post to NTBugtraq that might help explain things: ntbugtraq.com

"Date: Fri, 10 Mar 2000 14:15:19 -0800
Reply-To: Paul Leach <paulle@EXCHANGE.MICROSOFT.COM>
Sender: Windows NTBugtraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
From: Paul Leach <paulle@EXCHANGE.MICROSOFT.COM>
Subject: Re: (Fwd) Re: Win2000 and BIND GSS-TSIG Interoperability?
Comments: To: Scott Morizot <tmorizot@ADC.IS.IRS.GOV>
Comments: cc: "David.Conrad@nominum.com" <David.Conrad@nominum.com>
Content-Type: text/plain

See below.

> -----Original Message-----
> From: Scott Morizot [mailto:tmorizot@ADC.IS.IRS.GOV]
> Sent: Tuesday, March 07, 2000 5:59 AM
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: (Fwd) Re: Win2000 and BIND GSS-TSIG Interoperability?
>
> Hello Russ,
>
> It had been a while since I had seen anything about BIND and Win2000 GSS-TSIG interoperability from the ISC. So after the topic came up on NTBugTraq, I raised the question again on the bind-users list. Below is the response from David Conrad, Executive Director of the ISC. I think it clarifies the issues pretty well. The initial question and a response from, I believe, Stuart at Microsoft have already gone out on this list. This response from the ISC should round out the perspectives on the issue. At any rate, I thought I would forward it for your consideration.
>
> Scott Morizot
>
> Forwarded with permission:
>
> ---------- Forwarded message ----------
> Date: Sun, 05 Mar 2000 01:22:50 -0800
> From: David R. Conrad <David.Conrad@nominum.com>
> To: bind-users@isc.org
> Subject: Re: Win2000 and BIND GSS-TSIG Interoperability?
>
> Scott,
>
> Sorry for the slow reply, I'm on travel right now.
>
> > I recall past discussions on this list where some at the ISC had indicated that Microsoft had released insufficient details about their GSS extensions to TSIG to allow interoperability for secure dynamic updates to be built into BIND.
>
> We have been unable to determine whether or not it is possible to implement Microsoft's GSS-TSIG DNS extension that does not require the use of Microsoft's version of Kerberos to be a "first class citizen" in Microsoft's DNS architecture. From the numerous press reports (e.g., dailynews.yahoo.com), it doesn't look too good.

Well, despite the claim in that article that "existing users of Kerberos on Unix systems in the financial industry or academic community - where Kerberos is predominantly found - 'are in a place of hurt,'" Morgan Stanley seems to be doing OK: microsoft.com

None of the Microsoft extensions to Kerberos are needed to implement an interoperable BIND server using GSS-TSIG. An implementation that does standard Kerberos, that does not understand the extensions, can safely ignore them. We do such interoperability testing as part of our release process.

The most controversial extension uses a field, which was designed to be extended but not normally used, to hold a list of groups of which the client user is a member. The field is documented in the Kerberos standard to be ignored if not understood. The format of the data MS Kerberos puts in it is not documented. However, a standard Kerberos server using the GSSAPI does not expect this field from a standard Kerberos client, and hence does not need it to operate correctly, so if it follows the standard and ignores it, it will operate correctly.

See the following for information on Kerberos interop: microsoft.com

And this for general information on Kerberos: microsoft.com"

- Eric
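As an added example, not part of Eric's post or of any of the quoted mail: a minimal DER walker for the Kerberos AuthorizationData structure that applies the "ignore if not understood" rule Paul Leach describes for the extension field. It assumes the ad-type values AD-IF-RELEVANT (1) and AD-WIN2K-PAC (128) as registered in RFC 4120; the PAC payload is a constructed placeholder, and the two `known_types` sets stand for a standard Kerberos server and one that understands the Microsoft extension.

```python
# Added example: AuthorizationData ::= SEQUENCE OF SEQUENCE {
#     ad-type [0] Int32, ad-data [1] OCTET STRING }   (RFC 4120, 5.2.6)
# Elements a server does not understand, wrapped in AD-IF-RELEVANT, are
# skipped rather than treated as an error.  The PAC bytes are a placeholder.
AD_IF_RELEVANT = 1      # RFC 4120 container for "ignorable if unknown" data
AD_WIN2K_PAC = 128      # ad-type Microsoft uses for its group-list extension


def _tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _der(tag, value):
    """Encode one DER element (short form below 128 bytes, else 2-byte length)."""
    n = len(value)
    hdr = bytes([n]) if n < 0x80 else bytes([0x82]) + n.to_bytes(2, "big")
    return bytes([tag]) + hdr + value


def encode_authz(elements):
    """[(ad_type, ad_data), ...] -> DER-encoded AuthorizationData."""
    body = b""
    for ad_type, ad_data in elements:
        num = ad_type.to_bytes(ad_type.bit_length() // 8 + 1, "big", signed=True)
        item = _der(0xA0, _der(0x02, num)) + _der(0xA1, _der(0x04, ad_data))
        body += _der(0x30, item)
    return _der(0x30, body)


def decode_authz(der):
    """DER-encoded AuthorizationData -> [(ad_type, ad_data), ...]."""
    tag, seq, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("AuthorizationData must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        _, item, pos = _tlv(seq, pos)
        _, t_wrap, p = _tlv(item, 0)                   # [0] ad-type
        _, t_int, _ = _tlv(t_wrap, 0)
        _, d_wrap, _ = _tlv(item, p)                   # [1] ad-data
        _, d_oct, _ = _tlv(d_wrap, 0)
        out.append((int.from_bytes(t_int, "big", signed=True), d_oct))
    return out


def understood_elements(der, known_types):
    """Elements a server knowing `known_types` acts on; unknown ones inside
    AD-IF-RELEVANT are dropped, which is what lets a standard server skip the PAC."""
    kept = []
    for ad_type, ad_data in decode_authz(der):
        if ad_type == AD_IF_RELEVANT:
            kept += understood_elements(ad_data, known_types)
        elif ad_type in known_types:
            kept.append((ad_type, ad_data))
    return kept


# Constructed sample: a PAC placeholder carried inside AD-IF-RELEVANT.
SAMPLE = encode_authz([(AD_IF_RELEVANT,
                        encode_authz([(AD_WIN2K_PAC, b"<constructed PAC bytes>")]))])
```

A server that knows only the standard container ends up with an empty list and keeps going, while one that understands type 128 gets the PAC back.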