Re: Adding revised identities to IKEv2

[Uri Blumenthal <uri@lucent.com>]

Stephen Kent wrote:
> well, access control is an intrinsic feature of IPsec, so we may
> disagree on that point. also, I don't believe that trust and
> authorization are really linked as tightly as you suggest.

Well... There's not much of authorization or trust on IP level,
I think. So the issue is moot for IPsec. But on higher layers?

Say a request (not a packet!) comes from "John Doe". I
authenticated it and am certain it came form him. Now he
is requesting {put your favorite here - a $1M loan, a
peek through the company strategy document, a "format c:"
operation, whatever :-}. 

Should the request be granted? How do I decide, based on what?
This is the authorization issue to me. I don't believe it
belongs to IP level.


> the whole
> notion of "trust management" that has arisen over the last few years
> seems to be largely a function of a view that does not acknowledge
> the existence of authoritative sources of authentication data. in the
> physical world we have many such sources, and in cyberspace we have
> several predominant ones, the DNS being the most common example.

I think it came from the desire to proceed from authentication to the 
purpose for which the authentication was carried on: what do I do with
this request, now that I know the identity of its initiator?

And again to repeat myself - in IPsec the decision (probably) is very
trivial: if I recognized the key and authenticated the traffic, I can
allow it to enter my box, the rest is an application-level problem.
 
> are you looking for the SPKI WG mailing list?
> 
> I think it died along with the WG :-)

SPKI? What's that? (:-)

But seriously, how do you identify a key on a borrowed laptop roaming
through a foreign domain? [not by IP address and probably not by FQDN]