[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key management

To: pkarger@gte.com, Avi Rubin <rubin@faline.bellcore.com>
Subject: Re: key management
From: Ran Atkinson <atkinson@sundance.itd.nrl.navy.mil>
Date: Tue, 13 Dec 1994 15:12:10 -0500
Cc: ipsec@ans.net
In-Reply-To: "Paul A. Karger" <pak0@gte.com> "Re: key management" (Dec 13, 14:12)
References: <9412131912.AA16168@pkarger.tcc>
Reply-To: atkinson@itd.nrl.navy.mil
Sender: atkinson@sundance.itd.nrl.navy.mil

On Dec 13, 14:12, Paul A. Karger wrote:
} Subject: Re: key management

% Mutually suspicious users can only share the same host if you
% have a trusted operating system of some kind to separate them.

It isn't clear to me what you mean by "trusted operating system".

If you mean an OS with Mandatory Access Controls (e.g. B1 or better
per Orange Book), then I disagree.  A C2 operating system with
Discretionary Access Controls permits user A to configure permissions
such that user B does not have access to user A's data and resources.
If user A is on such a system and does not trust user B, then user A
can configure its permissions accordingly.  MAC is needed when one is
trying to enforce some kind of multi-level security policy, not merely
to separate mutually suspicious users.

Ran
atkinson@itd.nrl.navy.mil

Follow-Ups:

Re: key management

From: "Paul A. Karger" <pak0@gte.com>

Re: key management

From: solo@BBN.COM

References:

Re: key management

From: "Paul A. Karger" <pak0@gte.com>

Prev by Date: Re: key management
Next by Date: Re: key management
Prev by thread: Re: key management
Next by thread: Re: key management
Index(es):
- Main
- Thread