Microsoft Kerberos Specification...

Nicolas Williams willian at
Mon May 1 16:10:17 GMT 2000

[NOTE: I'm cross-posting this to the Kerberos list.]

On Tue May 02 2000, Michael H. Warfield (mhw at wrote:
> ============================================================================== 
> Posted at Apr 28, 2000 04:17 PM 
> MICROSOFT ON FRIDAY published a key proprietary data 
> format that has been at the heart of interoperability 
> questions surrounding "standards-based" 
> Kerberos security in Windows 2000. 
> The data format, however, is only for review and 
> analysis. Microsoft has yet to decide if it will 
> license the format to either third-party 
> vendors or developers. 
> For the full story: 
> ============================================================================== 
>         Ok, so Luke doesn't have to reverse engineer this critter. I 
> would love to know what trick they have up their sleeve that makes them 
> think that they can still decide whether or not to "license" this to 
> vendors and developers. It ain't no trade secret now. They can't claim 
> copyright on someone else's implementation. That leaves patent or 
> trademark. I don't see how either is going to help them. 

Microsoft is posting the document embedded in an EXE file.

Sounds like an access control device to me. Think of the DMCA, and

Though IANAL I would say that until the courts rule on DMCA/UCITA cases
the situation will be somewhat confused. It may be that one may now
publish a trade secret and have that secret still receive legal
protections accorded only to trade secrets that are secret. The logic
chain being:

1) the secret is not published per se, but is shared to those who agree
   to be bound by a non-disclosure agreement.

2) the access control device (the EXE) enforces that you agree to be
   bound by that non-disclosure agreement

3) if you work around the "access control device" then you're in
   violation of the DMCA, penalties may follow

4) if you obtain the documentation from someone else, without the
   "access control device" then you're receiving stolen trade secrets
   (your source is defeating the "access control device"); to use
   knowledge of the secret obtained in this way would make you liable
   under existing laws and the DMCA

Thus, I recommend that Luke NOT read this document, if he intends to
implement anything like what's documented there.

And we should probably not describe to him anything that is described in
that document unless what we describe is also described in some other,
public document.

Again. IANAL. A real legal opinion would be useful here.

>         Has anyone seen the spec yet? The article did not contain a URL 
> to the actual spec, if it's been made public. 
>         Mike 

