
Re: key management




"Paul A. Karger" says:
> 
> > From: "Avi Rubin" <rubin@faline.bellcore.com>
> > 
> > >2) Mutually distrustful users on a single host CANNOT be trusted to
> > >know each other's keys. Systems that use host keying conflate
> > >different users' cryptographic keys, making all sorts of unfortunate
> > >attacks possible. Preventing separate users from using each other's
> > >keys is necessary.
> > 
> > How do you propose for mutually suspicious users to use
> > the same host? 
> 
> Mutually suspicious users can only share the same host if you
> have a trusted operating system of some kind to separate them.

Many people who are interested in the use of IPSP already have
compartmented mode workstations to work with. Even absent that,
however, trusting your kernel is different from trusting the other
users. There are also issues beyond this -- like wanting to make sure
that there is a cryptographic authentication of the identity of the
user in situations where you don't care about the identity of the
machine per se.

.pm

