[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: editorial on Photuris

To: atkinson@itd.nrl.navy.mil (Ran Atkinson)
Subject: Re: editorial on Photuris
From: Charles Watt <watt@sware.com>
Date: Tue, 14 Nov 1995 15:12:32 -0500 (EST)
Cc: ipsec@ans.net
In-Reply-To: <199511141802.AA18127@interlock.ans.net> from "Ran Atkinson" at Nov 14, 95 01:02:49 pm
Sender: Charles Watt <watt@sware.com>

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 MIIBvzCCAWkCEFmOln6ip0w49CuyWr9vDVUwDQYJKoZIhvcNAQECBQAwWTELMAkG
 A1UEBhMCVVMxGDAWBgNVBAoTD1NlY3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2Vj
 dXJlV2FyZSBQQ0ExFzAVBgNVBAsTDkVuZ2luZWVyaW5nIENBMB4XDTk1MDUwODIw
 MjMzNVoXDTk3MDUwNzIwMjMzNVowcDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Nl
 Y3VyZVdhcmUgSW5jLjEXMBUGA1UECxMOU2VjdXJlV2FyZSBQQ0ExFzAVBgNVBAsT
 DkVuZ2luZWVyaW5nIENBMRUwEwYDVQQDEwxDaGFybGVzIFdhdHQwWTAKBgRVCAEB
 AgICBANLADBIAkEM2ZSp7b6eqDqK5RbPFpd6DGSLjbpHOZU07pUcdgJXiduj9Ytf
 1rsmf/adaplQr+X5FeoIdT/bVSv2MUi3gY0eFwIDAQABMA0GCSqGSIb3DQEBAgUA
 A0EApEjzeBjiSnGImJXgeY1K8HWSufpJ2DpLBF7DYqqIVAX9H7gmfOJhfeGEYVjK
 aTxjgASxqHhzkx7PkOnL4JrN+Q==
MIC-Info: RSA-MD5,RSA,
 AKyfBsWbZ7U1FUIEuhJONDvzkaDXZiknbFTlab7v2i6FoYNnuV/3ImvJsQm4dB01
 k1PlUsnAKtP7SWWCmvTZWAg=

Ran Atkinson wrote:
> 
> Bill,
> 
> [My co-chair hat is on]
> 
> % I have no idea what you are talking about.  PGP is not supported in the
> % base spec.  
>
> Then add it now.  See recent note from Phil Karn to the IPsec
> list agreeing this was OK.

I'm in complete agreement that an IETF standard key management protocol
should support authentication and key management between any two
arbitrary "principals" regardless of whether they be hosts or users.
But a hurried inclusion of PGP into Photuris is a serious mistake for a
number of reasons:

	1) PGP is non-standard.  You would face trouble advancing
	   Photuris along the standards track referencing a non-IETF
	   protocol.

	2) It is far from clear that PGP is the best, or even a desirable
	   approach.

	3) PGP by itself is insufficient for solving the problem -- and it
	   certainly isn't necessary for solving the problem at this stage 
 	   of the specification process.

What is needed are minor protocol changes to ensure that sufficient naming
attributes are available to identify the intended principals associated with
the Photuris exchange.  How you verify this naming information -- i.e, whether 
we need PGP or any other form of certificates -- does not need to be part
of the Photuris specification. 

There are two modes that a generic key management protocol should support:

	A) Specified Target:  the initiator knows the identity of the target
		principal before initiating the Photuris exchange.

	B) Exploratory Mode:  the initiator does not know the identity of the 
		target principal, but is interested in completing the 
		Photuris exchange so it can learn this identity and make 
		any required access decisions.

Currently Photuris doesn't support either mode for user level keying.  To
support A it must include an identification field for both the initiator and 
responder.  This enables the responder to identify the target of the Photuris 
exchange.  To support B it must be able to specify sufficient information
in lieu of the responder's "name" in order to identify the responder -- e.g.
target port number.

There are additional considerations when supporting user level keying on
multiuser hosts.  For example, a user might be authorized for a particular 
service -- but only when accessing that service from a specific host.  In
order to enforce such a policy, the enforcement mechanism must be provided
with both the authenticated user identity and the authenticated identity of
the client host.  SecureWare's HannaH product (http://www.secureware.com/) 
provides network security between any two arbitrary principals using a 
security protocol that sits on top of the transport (but within the kernel 
portion of the protocol stack so that it is transparent to the application).  
Its "Peer Authentication and Key Management Protocol" (PAKMP) provides one
mode that is quite similar to Photuris, except that it exchanges sufficient
information to support user level keying in a mixed environment of single
user workstations and multiuser hosts.  The protocol spec is online, and
shows what little needs to be added to Photuris.

Of course, if two implementations of Photuris are to be interoperable --
a good goal -- then at some point we must resolve two holy wars:

- - naming
- - how to bind a name to key material -- this would be where we might 
  consider PGP, along with many other approaches.

But these issues do not need to be resolved at this time for Bill and Phil 
to continue finalizing Photuris as a protocol specification.  For the
record, I would favor X.500 Distinguished Names and X.509 v3 certificates.
Forget the X.400 and Directory Service baggage -- just use the flexibility
these structures provide.  This is the approach we used with HannaH, and
have had no troubles at all.

Charles Watt
SecureWare, Inc.

-----END PRIVACY-ENHANCED MESSAGE-----

Follow-Ups:

Re: editorial on Photuris

From: "Perry E. Metzger" <perry@piermont.com>

References:

editorial on Photuris

From: atkinson@itd.nrl.navy.mil (Ran Atkinson)

Prev by Date: Re: FW: naming and terminology
Next by Date: Re: editorial on Photuris
Prev by thread: editorial on Photuris
Next by thread: Re: editorial on Photuris
Index(es):
- Main
- Thread