
Re: Nodes and Users



-----BEGIN PGP SIGNED MESSAGE-----

content-type: text/plain; charset=us-ascii

   I don't have any pat answers for this.  I suggest, though, that the
   identity string be a 3-tuple of 0 or more usernames, 0 or more domain
   names, and 0 or more IP address ranges.  I'll leave the syntax and
   certificate format issues to someone else...  

I would suggest adding protocols/ports to this mix, at least so that 
initiators can suggest which principal on the responder they want to 
talk to.

The experience we've had building distributed systems in DCE indicates
that for some applications, particularly where you've got redundant
replicated services, you're better off with an approach which can be
summarized as "find out who you're talking to, then see if they're on
the right ACL" rather than having to know in advance the full name of
the entity you want to communicate with.

As a hypothetical (and probably bad) example, if the Responder
supports multiple entities, it may be more convenient to express
things as "set up an association with whoever's in control of TCP port
25", then verify the certificate you get back has the right
"magic" SMTP-server attribute.

If the responder is a single-user system, it could respond with an
indication to that effect and forestall future attempts from its peer
to establish redundant security associations.

I'd also like to suggest that an attribute-value form of identity
(note that this does *NOT* imply X.500 syntax) might be more
extensible and less clumsy than a 3-tuple or 4-tuple of possibly empty
sets of values.

					- Bill




-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCUAwUBMI0dOVpj/0M1dMJ/AQFXJAP3ejTR0VMKT81UHw3P/1VWVorB1WFp0eXU
QRYy4NgeoWUZ2LEYnw0hfWUKgOYxufau2qDHbGC4EuFuAl4Ngd7lZdCDO8dCFEVD
Jr23jULhl3/I8HI908eKOQ6uNbzNKvzH+09J2ESb5drE+YmdLK8szZlpelri93RB
UNP3r4G/jw==
=QOoK
-----END PGP SIGNATURE-----
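As an added illustration of the two ideas in the message above (an attribute-value identity that subsumes the user/domain/address/port tuple, and "find out who you're talking to, then see if they're on the right ACL"), here is a small Python model. It is my example, not code from the message or from any IPsec/ISAKMP specification; the names Identity, Acl, respond, authorize and negotiate, the sample principals, and the "role=smtp-server" attribute standing in for the "magic" SMTP-server attribute are all hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Attribute/value identity: a frozenset of (name, value) pairs.  The 3-tuple
# (usernames, domain names, address ranges) plus protocol/port fits in as
# attributes named "user", "domain", "net" and "port", each with zero or
# more values, and new attributes can be added without changing the shape.
@dataclass(frozen=True)
class Identity:
    attrs: frozenset

    @classmethod
    def of(cls, *pairs):
        return cls(frozenset(pairs))

    def values(self, name):
        return {v for n, v in self.attrs if n == name}


# What the initiator checks once it knows who it is actually talking to.
@dataclass(frozen=True)
class Acl:
    required: frozenset         # attribute/value pairs the peer must carry
    allowed_domains: frozenset  # at least one "domain" value must be listed
    allowed_nets: tuple         # every "net" value must lie inside one of these


# Constructed sample data (hypothetical names).  Each Identity stands for a
# certificate the responder could answer with; "role=smtp-server" plays the
# part of the "magic" SMTP-server attribute from the message.
RESPONDER_PRINCIPALS = (
    Identity.of(("domain", "mail.example.net"), ("net", "192.0.2.25/32"),
                ("port", "tcp/25"), ("role", "smtp-server")),
    Identity.of(("domain", "www.example.net"), ("net", "192.0.2.80/32"),
                ("port", "tcp/80"), ("role", "http-server")),
)

MAIL_ACL = Acl(
    required=frozenset({("role", "smtp-server")}),
    allowed_domains=frozenset({"mail.example.net", "mx.example.org"}),
    allowed_nets=(ipaddress.ip_network("192.0.2.0/24"),),
)


def respond(principals, port):
    """Responder side: answer "whoever's in control of <port>" with that
    principal's identity.  The second value says whether this is a
    single-principal system, so the peer need not try further associations."""
    single = len(principals) == 1
    for p in principals:
        if port in p.values("port"):
            return p, single
    return None, single


def authorize(ident, acl):
    """Initiator side, after authentication: check the identity we actually
    received against the ACL.  Returns (True, "") or (False, reason)."""
    missing = acl.required - ident.attrs
    if missing:
        return False, "missing attributes %s" % sorted(missing)
    if not ident.values("domain") & acl.allowed_domains:
        return False, "no domain on ACL"
    nets = [ipaddress.ip_network(n) for n in ident.values("net")]
    if not nets:
        return False, "no address range asserted"
    for n in nets:
        # Compare only same-version networks; subnet_of() rejects mixed ones.
        if not any(a.version == n.version and n.subnet_of(a)
                   for a in acl.allowed_nets):
            return False, "address range %s not on ACL" % n
    return True, ""


def negotiate(port, principals=RESPONDER_PRINCIPALS, acl=MAIL_ACL):
    """One round: initiator names a port, responder returns the controlling
    principal, initiator checks that principal against the ACL."""
    ident, _single = respond(principals, port)
    if ident is None:
        return False, "nobody controls %s" % port
    return authorize(ident, acl)


if __name__ == "__main__":
    print(negotiate("tcp/25"))   # the SMTP principal, and it is on the ACL
    print(negotiate("tcp/80"))   # a real principal, but not an SMTP server
    print(negotiate("tcp/443"))  # nobody there
```

The initiator never has to know "mail.example.net" in advance: it asks for port 25, authenticates whatever principal answers, and only then decides. The ACL still pins the answer down by attribute, domain and address range, so a principal that merely happens to listen on port 25 is rejected.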

