
Query re work on GSS-API extensions for store-and-fwd support



FYI.  Please note the part about IEEE 802.10c key management.

-Rob-

------------

CAT fanciers:

Late in one of last week's CAT sessions, I noted that I'd received a
query about whether there would be interest within our forum in
defining store-and-forward messaging support primitives for use in
conjunction with GSS-API.  In the interests of further detail, and for
the benefit of anyone on the mailing list who wasn't in the room at
the time, I attach (with permission) an excerpted message from Dave
Gomberg of Mitre, a member of the ISO/IEC JTC 1/SC21 WG8 security
group.  They're interested in making use of other ongoing work in this
area if available, but may take the task on themselves if no other
work in this area is progressing. My view is that store-and-forward
protection facilities (probably operating directly with credentials
rather than security contexts, given that security contexts aren't
multicast and are designed for association-oriented, timely delivery
environments) would be well-formed additions for use with GSS-API, but
I don't know what level of interest exists within CAT or the broader
IETF to pursue this.  Comments hereby solicited.

--jl

Excerpt from Dave Gomberg's message follows:

I'm writing to you on behalf of the ISO/IEC JTC 1/SC21 WG 8 Security
folks currently meeting at Southampton, UK.  As you may be aware, we
have recently begun work on a new project originally titled
Authentication and Related Security Services, retitled (at this
meeting) Security Association Management and Support (SAMS).  It was
agreed early on that we would use as the basis of the initial draft
IEEE 802.10c key management, the ECMA Authentication Privilege
Attribute Security Application, and the GSS-API.

Our current discussions have noted that there is a requirement to
support "store and forward" application needs, but that none of the
base documents deal with this area.  We are attempting to create a
model that, so far, has accounted only for the non-store-and-forward
case.

We need to include a model and interfaces and mechanisms to cover the
store and forward cases.  We include here not only the obvious cases
of e-mail and file store/retrieval, but any situation where it is
necessary to bind security information to a protected information
object so that an entity (including the originator) may obtain the
information object content at some time after the protection has been
applied.  One of the areas that will need extension or modification or
re-interpretation for this purpose is the GSS-API.