[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: application layer cross checking



This is not only a good idea, it's a very important idea in the infinitesimally
slow progress towards meaningful authentication and privacy for the
Internet.  If this API existed then it would be so much easier to do
a good job on inter-organizational access control for a wide range
of applications.

Hilarie

 >>> "Steven M. Bellovin" <smb@research.att.com> 05/03/01 02:05PM >>>
In message <15089.46873.137893.423692@thomasm-u1.cisco.com>, Michael Thomas wri
tes:
 >Derek Atkins writes:
 > > Because applications may not be ipsec peers...  Or, in most cases,
 > > ipsec will be host-based, not user-based?
 >
 >   What's the difference? Why shouldn't I be able to
 >   tell the socket layer which identity I want it 
 >   to use for a particular 5-tuple, and the receiving
 >   end be able to verify that, including the application
 >   layer being able to cross check? 
 > 
 >   If you can't do that, it sure seems like transport
 >   mode is severely hamstrung. As in, why bother?

Absolutely -- I've been asking for such an API for several years.  

More specifically, at a minimum I want a way for an application to find 
out what security mechanisms are in effect for a given socket, and 
whatever is known about the peer(s).  It's up to the application to 
decide what permissions are associated with what identities, by 
whatever means it chooses.  In that sense, it doesn't matter if it's a 
"user" or a "host" -- the access control mechanisms need not 
distinguish unless they wish to.


		--Steve Bellovin, http://www.research.att.com/~smb 






Follow-Ups: