Re: photuris-06.txt



I'd like to make a few assertions in the name of forward progress:

Assertion 1:

 - The current Photuris draft is not adequate for systems which
support multiple cryptographic identities and which *attempt* to
segregate users from each other.

Assertion 2:
 - The text in the current drafts regarding MLS systems encourages
people to *think* that assertion 1 may be false until after they spend
considerable time attempting to work out scenarios for using Photuris
and IPSec within networks of multi-user systems.  This has led to a
fair amount of thrashing about on this list and in private mail.

Assertion 3:

 - I don't see this limitation as a fundamental limit of photuris; I
think that some relatively *MINOR* adjustments and extensions can be
made to the protocol to securely support multi-user systems.  Most
likely, these adjustments would come in the form of additional
attributes.

Suggestion:

 - The current photuris draft should admit that Photuris as currently
specified is only adequate for systems supporting a single
cryptographic entity at a time; this entity could be viewed as either a
"host" or a "user".

 - Defer work on multi-cryptographic-entity systems to a separate
draft, to be titled something like "extensions to photuris for multi-user 
systems".

					- Bill
