Re: Adding revised identities to IKEv2
At 5:42 PM -0500 11/12/02, Uri Blumenthal wrote:
>Stephen Kent wrote:
>> well, access control is an intrinsic feature of IPsec, so we may
>> disagree on that point. also, I don't believe that trust and
>> authorization are really linked as tightly as you suggest.
>
>Well... There's not much of authorization or trust on IP level,
>I think. So the issue is moot for IPsec. But on higher layers?
>
>Say a request (not a packet!) comes from "John Doe". I
>authenticated it and am certain it came from him. Now he
>is requesting {put your favorite here - a $1M loan, a
>peek through the company strategy document, a "format c:"
>operation, whatever :-}.
>
>Should the request be granted? How do I decide, based on what?
>This is the authorization issue to me. I don't believe it
>belongs to IP level.
In your example I agree that the authorization is an application
layer issue, not an IP layer issue.
>
>
>> the whole
>> notion of "trust management" that has arisen over the last few years
>> seems to be largely a function of a view that does not acknowledge
>> the existence of authoritative sources of authentication data. in the
>> physical world we have many such sources, and in cyberspace we have
>> several predominant ones, the DNS being the most common example.
>
>I think it came from the desire to proceed from authentication to the
>purpose for which the authentication was carried on: what do I do with
>this request, now that I know the identity of its initiator?
authorization does that, but the role of "trust" in authorization
seems questionable at this layer, which is the focus of this WG's
discussion.
>And again to repeat myself - in IPsec the decision (probably) is very
>trivial: if I recognized the key and authenticated the traffic, I can
>allow it to enter my box, the rest is an application-level problem.
I think we generally agree here.
>
>> are you looking for the SPKI WG mailing list?
>>
>> I think it died along with the WG :-)
>
>SPKI? What's that? (:-)
>
>But seriously, how do you identify a key on a borrowed laptop roaming
>through a foreign domain? [not by IP address and probably not by FQDN]
First, I don't want to identify keys in most cases (I don't see them
as principals), and this would be one of them.
If I am responsible for access control for some resources, I want to
know who's requesting access, and for that I want a name or at least
an organizational affiliation. So, the issue here might be how the
user manages to assert his identity when he is using the borrowed
laptop, in a fashion that minimizes the risk to his secrets. (The
issue also might be whether I want to let the known, authorized user
into my environment given that he is using a borrowed laptop ...)
There are various ways to address the problem, depending on the
technology available to the user, whether the user was prepared to
employ a borrowed laptop, etc. Use of crypto tokens, one-time keys,
etc. all come to mind and all have limitations based on the
circumstances.
Of course, as a Mac user I rarely have this problem because I would
not want to borrow a PC laptop anyway :-)
Steve