why gnutls when we have openssl?

[Dan Winship]

> changes - this can help to avoid proprietary extensions like what we
> have seen Microsoft did to Kerberos.

People use this example a lot, but it's not true. Microsoft made
proprietary extensions to the Kerberos *specification* (RFC 1510), not
to any existing Kerberos implementation. When the first interoperability
testing between MIT and Microsoft kerberos was done, the two
implementations had different bugs, so it's unlikely they used any
significant amount of the MIT code at all.

-- Dan