I won't address the rest of the commentary, but I ought to answer this. Frank Willoughby writes:
the word "probably" was deliberate. Kerberos was also thought to be secure - 'til it was compromised.
Kerberos was compromised? When? By whom? Are you talking about Bellovin's paper on weaknesses in Kerberos (most of which are avoidable or fixed in K5), or are you talking about a real break? If the latter, its the first that I've heard of it.
Actually, I was refering to Bellovin's paper.
Bellovin's paper doesn't list real breaks in Kerberos. It notes problems, which are real but not fatal and have been largely fixed.
Surely you don't think that the bugs that were discovered are the only ones which can be exploited and that Kerberos (or any other software product) is invincible? I don't.
Look, you clearly made a big claim -- that Kerberos had been compromised. If you can't back such comments up, don't make such claims. .pm