Re: naming and terminology
> From: atkinson@itd.nrl.navy.mil (Ran Atkinson)
> As co-chair, my understanding of consensus is roughly what Ted
> T'so described -- namely the "mutually suspicious users" problem is
> one that MUST be addressed in pass 1. I do NOT think this is hard to
> do -- if one simply supports PGP keys (which name users not systems)
> in Photuris and has the ability to pass the name string between the
> two parties to the Photuris exchange the basic requirement is met.

I have no idea what you are talking about. PGP is not supported in the
base spec. And PGP can and does in fact name systems as well as users.
Passing a name string as an Identity is already supported in the base
spec.

> Secondly, Bill Simpson is flat out wrong in the way he is
> using "mandatory access control", "multi-level secure", and similar
> terms. The revised note from Ted T'so is correct in use of language.

It has been thusly revised:

   Internet Security protects against threats that come from the
   external network, not from mutually hostile users of the nodes
   themselves. Any secure multi-user operating system MUST be able to
   protect its resources from hostile users, and protect one hostile
   user from damaging the resources controlled by another hostile user.

   When required for secure multi-user environments with discretionary
   access controls, the Photuris Identification can be used to provide
   separate limited authentication from each user of one node when
   communicating with another common node. To provide user-oriented
   keying, the nodes can initiate multiple concurrent Photuris
   exchanges. These may provide separate user Identification from the
   Initiator to the Responder in each direction.

   Each secure multi-user operating system MUST be capable of
   separately maintaining multiple Identification Exchange SPI values
   for each Value Exchange calculated shared-secret. It is the
   responsibility of the Source to internally segregate the
   shared-secret and different session-keys provided per Destination,
   and select an appropriate SPI for each datagram transmission.

And in the implementation notes:

   Successful use of user-oriented keying requires a significant level
   of operating system support. If the operating system has a security
   vulnerability, then there is no basis for separate user-oriented
   keying.

   Use of multi-user segregated exchanges likely requires added
   functionality in the transport API of the implementation operating
   system. Such a mechanism is outside the scope of this document.

   It has been suggested that the Photuris exchange could also be
   established between particular application or transport processes
   associated with a user of a node. Such a mechanism is emphatically
   outside the scope of this document.

Bill.Simpson@um.cc.umich.edu
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2
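
Added example, not part of the original message or of the Photuris draft: one way a Source could keep several per-user Identification Exchange SPIs under a single Value Exchange shared-secret and select the SPI for each outgoing datagram. The table layout, the names `sa_add` and `sa_select_spi`, the use of a numeric uid as the user identity, and all addresses and SPI values are assumptions constructed for illustration.

```c
#include <stdint.h>

/* Hypothetical layout: several per-user Identification Exchange SPIs
 * hang off one Value Exchange shared-secret for the same Destination. */
#define MAX_SA 8

struct user_sa {
    uint32_t dest;      /* Destination node (constructed IPv4 value) */
    uint32_t uid;       /* local user named in the Identification */
    uint32_t spi;       /* SPI created by that user's exchange */
    int      secret_id; /* which shared-secret the session-keys derive from */
    int      in_use;
};

static struct user_sa sa_table[MAX_SA];

/* Register an SPI for (dest, uid). Returns 0, or -1 if the SPI is
 * already bound for this Destination or the table is full. */
int sa_add(uint32_t dest, uint32_t uid, uint32_t spi, int secret_id)
{
    int slot = -1;
    for (int i = 0; i < MAX_SA; i++) {
        if (!sa_table[i].in_use) {
            if (slot < 0) slot = i;
        } else if (sa_table[i].dest == dest && sa_table[i].spi == spi) {
            return -1;  /* never let two users share one SPI */
        }
    }
    if (slot < 0) return -1;
    sa_table[slot] = (struct user_sa){ dest, uid, spi, secret_id, 1 };
    return 0;
}

/* Pick the SPI for an outgoing datagram. Only an exact (dest, uid)
 * match is accepted; there is no fallback to another user's SPI. */
int sa_select_spi(uint32_t dest, uint32_t uid, uint32_t *spi_out)
{
    for (int i = 0; i < MAX_SA; i++)
        if (sa_table[i].in_use && sa_table[i].dest == dest && sa_table[i].uid == uid) {
            *spi_out = sa_table[i].spi;
            return 0;
        }
    return -1;  /* fail closed: caller must run a new exchange */
}

int main(void)
{
    uint32_t spi = 0;
    sa_add(0xC0000201u, 1001, 0x1111u, 0);  /* constructed sample values */
    sa_add(0xC0000201u, 1002, 0x2222u, 0);  /* same secret, different user */
    return sa_select_spi(0xC0000201u, 1003, &spi) == -1 ? 0 : 1;
}
```

The lookup is only as trustworthy as the uid the operating system hands it, which is the dependency the implementation notes call out.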