Hilarie,

On your assertion:

>Clarified Assertion:
>The minimal basis for authentication is the association
>of a public key with an IP address. The minimal
>authentication chain is through DNS zone authorities.

I have always viewed the minimum information to be a "name"... Perhaps I'm wrong, but your assertion provides clarity to the discussions and this is an issue that needs resolution. So ...

A Different Assertion:
The minimal basis for authentication is the association of a public key with a name that can be used to support access control decisions.

IP addresses may be dynamically assigned and are not as useful as "names" in supporting end system security.

Paul

--------------------------------------------------------------
Paul Lambert                     Director of Security Products
Oracle Corporation               Phone: (415) 506-0370
500 Oracle Parkway, Box 659410   Fax: (415) 413-2963
Redwood Shores, CA 94065         palamber@us.oracle.com
--------------------------------------------------------------
-- BEGIN included message
- To: mohta@necom830.hpcl.titech.ac.jp
- Subject: Re: "Re: DNS? was Re: Key Management, anyone?"
- From: "Hilarie Orman " <ipsec-approval@neptune.hq.tis.com>
- Date: 07 Aug 96 23:03:02
- Cc: ipsec@tis.com
> Authentication for what?

Clarified Assertion:
The minimal basis for authentication is the association of a public key with an IP address. The minimal authentication chain is through DNS zone authorities.

This seems to me to be a generally useful and meaningful mechanism for most Internet purposes. If a site doesn't have an appropriate key entry, it won't be able to participate in ordinary authenticated services --- sort of like not having a valid IP address would invalidate it as an Internet member.

So, why is this wrong?
-- END included message