BOSTON (06/02/2000) - The Kerberos security protocol, which has been adopted by the Internet Engineering Task Force as an open standard, is the subject of an ongoing dispute between Microsoft Corp. and the Slashdot.org Web site, which hosts discussions about open-source software.
Microsoft claims that a Slashdot discussion thread that posted Microsoft's proprietary extensions to the open-source Kerberos protocol violated Microsoft's copyright and is illegal under the Digital Millennium Copyright Act (DMCA).
However, "Microsoft is in no way trying to limit industry dialogue on this topic," said Microsoft spokesperson Luisa Vacca.
Members of the Slashdot community argue that Microsoft is attempting to stifle free speech within the open-source community.
The Kerberos security protocol, which was designed at MIT in the 1980s, is used in Windows 2000 in a form that is partially incompatible with widely used versions of the standard. To read Microsoft's version of the specification, developers have to run an executable file that compels them to agree to a confidential licensing agreement. This angered some visitors to Slashdot, who posted instructions that tell users how to download the specification without having to agree to the restrictive licensing agreement.
On May 10, Microsoft attorney J. K. Weston fired off a letter to Acton, Massachusetts-based Andover.net, which publishes Slashdot, demanding that the material be removed.
"That entire mentality is completely against the whole open-source objective.
Microsoft just doesn't get it," said Dean Williams, a network engineer at Yesmail.com, a Chicago-based permission e-mail marketing company that uses Windows 2000. "You can charge money for anything that you add to open source, but you have to make the source code available to anyone who wants to use it."
Slashdot Editor in Chief Robin Miller refused to delete the 11 messages that Microsoft insists are illegal under the DMCA. Instead, Slashdot shot back with a letter from its attorney, Mark D. Robbins, questioning Micosoft's legal claims. Robbins said Andover.net is concerned about deleting the user postings "given their apparent relevance to issues in the current antitrust litigation between Microsoft and the government."
Microsoft appeared to be backing down from the dispute last week.
"Was Slashdot the right battle to pick? Maybe, maybe not," said Adam Sohn, public relations manager for Microsoft's inside platforms division. Sohn said the letter drafted by Robbins disregarded Microsoft's copyright concerns, but he declined to comment on whether the company would continue to pursue Slashdot on alleged copyright violations.
According to Microsoft, the Kerberos licensing agreement was put in place to protect Microsoft's intellectual property on the use of an undefined data field left open for Kerberos Version 5.0, which allowed developers to store authorization data for the Windows 2000 operating system. While Microsoft published this code, it forced users to agree to a licensing restriction that identifies the material as "confidential information and a trade secret."
"Taking a piece of copyrighted information and stripping the legal protections that are afforded us under copyright law is a violation regardless of any concerns that they have," said Sohn.
"That field was set out by the framers of the standard for the special purpose of allowing vendors to put authorization data in it so that was a space for innovation," Sohn added. "We felt we wanted to protect that innovation and that investment."