[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: FW: Delegate

To: "'Derek Atkins'" <warlord@mit.edu>
Subject: RE: FW: Delegate
From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Date: Thu, 19 Dec 1996 15:05:39 -0500
Cc: "Spki (E-mail)" <spki@c2.net>
Sender: owner-spki@c2.net

The only problem with this model is that you don't necessarily know
how long an internal chain-of-command is.  This is similar to IP
subnetting.  For example, from outside MIT (which has net 18), there
is a single "network", so someone from the outside could say "well,
there is only one net-18 subnet, so I delegate with level one".  But
once you get past the router you find many /16 subnets.  Oops!  but
wait, some of those /16 nets get split up even further, into /24 or
even /28 networks!

That is precisely why I would wish as a manager at the top 
of a corporation to stop unbounded delegation. Each link
in the chain makes it harder to discover what is going on.

As a security officer I would consider it very important to
be able to control the number of phone calls required to 
discover what had happened. The depth of the tree has a major 
effect on the search time since each link may potentially 
involve contacting someone who is off sick, on holiday or
absconded with the money.


	Phill

Follow-Ups:

Re: FW: Delegate

From: Derek Atkins <warlord@mit.edu>

RE: FW: Delegate

From: Bill Frantz <frantz@netcom.com>

Prev by Date: Re: FW: Delegate
Next by Date: Re: FW: Delegate
Prev by thread: Re: FW: Delegate
Next by thread: Re: FW: Delegate
Index(es):
- Main
- Thread