
Re: naming and terminology



> From: atkinson@itd.nrl.navy.mil (Ran Atkinson)
>       As co-chair, my understanding of consensus is roughly what Ted
> T'so described -- namely the "mutually suspicious users" problem is
> one that MUST be addressed in pass 1.  I do NOT think this is hard to
> do -- if one simply supports PGP keys (which name users not systems)
> in Photuris and has the ability to pass the name string between the
> two parties to the Photuris exchange the basic requirement is met.

I have no idea what you are talking about.  PGP is not supported in the
base spec.  And PGP can and does in fact name systems as well as users.

Passing a name string as an Identity is already supported in the base
spec.


> 	Secondly, Bill Simpson is flat out wrong in the way he is
> using "mandatory access control", "multi-level secure", and similar
> terms.  The revised note from Ted T'so is correct in use of language.

It has been thusly revised:

    Internet Security protects against threats that come from the
    external network, not from mutually hostile users of the nodes
    themselves. Any secure multi-user operating system MUST be able to
    protect its resources from hostile users, and protect one hostile
    user from damaging the resources controlled by another hostile user.

    When required for secure multi-user environments with discretionary
    access controls, the Photuris Identification can be used to provide
    separate limited authentication from each user of one node when
    communicating with another common node. To provide user-oriented
    keying, the nodes can initiate multiple concurrent Photuris
    exchanges. These may provide separate user Identification from the
    Initiator to the Responder in each direction.

    Each secure multi-user operating system MUST be capable of
    separately maintaining multiple Identification Exchange SPI values
    for each Value Exchange calculated shared-secret. It is the
    responsibility of the Source to internally segregate the
    shared-secret and different session-keys provided per Destination,
    and select an appropriate SPI for each datagram transmission.


And in the implementation notes:

    Successful use of user-oriented keying requires a significant level
    of operating system support. If the operating system has a security
    vulnerability, then there is no basis for separate user-oriented
    keying.

    Use of multi-user segregated exchanges likely requires added
    functionality in the transport API of the implementation operating
    system. Such a mechanism is outside the scope of this document.

    It has been suggested that the Photuris exchange could also be
    established between particular application or transport processes
    associated with a user of a node. Such a mechanism is emphatically
    outside the scope of this document.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
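
Added example, not part of the original message or of the Photuris draft: a sketch of the Source-side bookkeeping the revised text requires, with one Value Exchange shared-secret per Destination and a separate Identification Exchange SPI and session-key per local user. The class and method names, the numeric user ids, the host names and the HMAC-SHA256 derivation are all assumptions made for illustration; the derivation in particular is a stand-in, not the Photuris calculation.

```python
import hashlib
import hmac


class SpiTable:
    """Source-side table: one shared-secret per Destination, one SPI per user."""

    def __init__(self):
        self._secrets = {}    # destination -> Value Exchange shared-secret
        self._by_user = {}    # (destination, uid) -> (spi, session_key)
        self._next_spi = 256  # constructed starting value

    def add_value_exchange(self, destination, shared_secret):
        self._secrets[destination] = shared_secret

    def add_identification(self, destination, uid, identity):
        """Record a separate Identification Exchange for one local user."""
        secret = self._secrets[destination]
        spi = self._next_spi
        self._next_spi += 1
        # Stand-in derivation (assumption, not the Photuris calculation).
        msg = spi.to_bytes(4, "big") + identity.encode()
        key = hmac.new(secret, msg, hashlib.sha256).digest()
        self._by_user[(destination, uid)] = (spi, key)
        return spi

    def select(self, destination, uid):
        """SPI and session-key for a datagram sent by uid.

        Raises KeyError instead of falling back to another user's SPI.
        """
        return self._by_user[(destination, uid)]


def demo():
    table = SpiTable()
    table.add_value_exchange("responder.example", b"\x01" * 32)  # constructed
    table.add_identification("responder.example", 1000, "alice@initiator.example")
    table.add_identification("responder.example", 1001, "bob@initiator.example")
    return table

if __name__ == "__main__":
    t = demo()
    for uid in (1000, 1001):
        spi, key = t.select("responder.example", uid)
        print(uid, spi, key.hex()[:16])
```

The shared-secret never leaves the table; callers only ever receive the SPI and session-key bound to their own user id, which is the segregation the operating system has to enforce.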