MSFT v Slashdot

Chuck Grimes cgrimes at tsoft.com
Thu May 18 22:32:59 PDT 2000


>Microsoft's proprietary Kerberos extensions are subject to
>copyright rules, "and the draconian DMCA makes the distributor liable
>for the copyright violation, and its resultant harm to the copyright
>holder," wrote Annie Kermath. "No matter how ugly it looks, Microsoft
>is within its legal rights to make the request."

Why isn't Slashdot's use within "fair use"?

Brad De Long

------------

Evidently, only MS can make fair use of it. Anyone else's use is obviously a copyright infringement. Evidently, just talking about it is not considered fair use.

(caution, I think most of what follows is correct, but you never know)

Slashdot and others are really missing the point. Any `proprietary' extension of Kerberos (a public domain specification) is only developed by MS to `embrace and extend' and therefore destroy an existing standard. So, Microsoft extensions need to be isolated as much as possible, just like the viruses they are.

It seems to me, that the real point to MS making the specification (the rules, not the binary or code) a public license, is to facilitate its use (and get their foot in the door to claim kerberos was theirs all along). Once a high use level is established for their extension, then MS can `upgrade' the spec to correspond to some `new' code `enhancement' which would then be proprietary.

The best tactic I can think of is to smother MS in suits, claims, and counter claims, along with complete hacks put up all over the web and faithfully maintained--along with schemes to merge and neutralize these extensions--whatever they are.

The point would be to stop MS from establishing some customized authentication scheme that only works on their servers and applications. This tactic might alter a standard, but it would be so ubiquitous that MS would be back to square one, when they try to `upgrade' it to a proprietary scheme.

For those who don't know (like me until about an hour ago) Kerberos is an authentication protocol that assigns encrypted keys to input and output. Each user and their processes are assigned a random key that only they can decrypt and only the Kerberos process can issue and keep track of. There are no exchanges of passwords and overriding other permission schemes does no good without these authentications. It is used in networks to secure files, directories, programs, processes, and physical devices all the way down to who gets to use the network printer or copy machine. It was developed at MIT and it is completely public. It provides basic internal security in a network between users, workstations and the data, servers and devices they access.

If MS is allowed to alter this standard and call that alteration their own, then they can control all the software that can be used under such a modified kerberos.

MS has already attempted something like this tactic in NT by failing to provide compatible formats between NT and Unix networks. This makes the unix platform servers install something like Samba as a server to server interface between unix and NT. The pam_smb module for Samba will authenticate linux (and other unix) users against NT password authentications (see pam_smb, or follow links on Samba). MS really needs to be seen as a public enemy. They tried to fuck around with ansi, html, rtf, ps, and just about every other format using the same embrace and extend track.

Anyway here are the lawyer's questions from Slashdot to MS, for those interested:

As a general matter, it is the policy of Slashdot not to interfere with or censor the communications of its users. Andover.Net is particularly concerned about censoring the user postings on which you have focused given their apparent relevance to issues in the current antitrust litigation between Microsoft and the government.

In our review of this matter, it would be helpful if you could provide certain information:

1. How can Microsoft claim proprietary protections for enhancement to an open standard protocol?

2. How can Microsoft use the Kerberos name, which signifies an open standard protocol, in connection with a proprietary protocol?

3. How can Microsoft claim trade secrecy for a protocol that is distributed over the Internet?

4. What measures has Microsoft taken to protect the trade secrecy of its Kerberos specification beyond the use of a click-wrap license agreement?

5. What measures has Microsoft taken to ensure that its Kerberos specification is only distributed to persons who are capable of entering into a binding contract in jurisdictions where such an agreement would be enforceable?

6. How could posting of the Microsoft Kerberos specification on Slashdot have any detrimental impact on the market for authorized distribution of Microsoft's version of Kerberos?

7. Why wouldn't prospective purchasers of Windows 2000 need to know the contents of Microsoft's Kerberos specification in order to make informed judgments regarding interoperability in connection with their purchasing decisions?

8. Why shouldn't Slashdot users and the general public be able to view this protocol for purposes of commentary and criticism in light of its apparent relevance to issues in the government's antitrust litigation?

Any information you could provide in response to these questions and any other information that you believe we should consider would be helpful.

Very truly yours,

- Mark D. Robins

______________________________
Mark D. Robins
Hutchins, Wheeler & Dittmar
A Professional Corporation



More information about the lbo-talk mailing list