
Re: delegation conflict, background



> From: frantz@netcom.com (Bill Frantz)
> 
> Now I see Bob has 3 choices:  (1) He can send his private key to the
> mini-supercomputer so it can act as him.  This course has a significant
> risk of compromising the secret key.  (2) He can FTP the file to his PC
> (assuming it will fit) and issue a certificate allowing the
> mini-supercomputer to access his copy.  (3) He can beg Alice for
> certificate allowing the mini-supercomputer to access the file. (But we all
> know how responsive sysadmins can be.)

I think you left out the most obvious choice:

(4) Bob uses his private key to set up an IPSEC telnet session from
his Mac to the supercomputer, then FTP's the file from Alice's machine
to the super, doing the authentication calculations on his Mac.  The
private key never leaves Bob's hands (or smartcard).

No delegation required, just a secure channel.

Of course if Alice requires more than just authentication to hand out
the file, the supercomputer must have some mechanism for letting Bob
calculate and install session keys, but it's more plausible that the
supercomputer would negotiate the session keys (as itself) and Bob
would be granted the access (as himself).  Alice would then know both
who got the file and where it went.
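
Choice (4) sketched as an added example, not part of the original message: the supercomputer relays Alice's challenge to Bob's Mac, which signs it, and Alice logs both the user and the destination. Assumptions: a toy Schnorr signature stands in for Bob's key pair, a direct method call stands in for the secure session, and all class names and the challenge format are hypothetical.

```python
import hashlib, secrets

# Toy Schnorr signature over a 127-bit Mersenne prime: illustration only, not secure parameters.
P, G = 2**127 - 1, 3

def _e(R, msg):
    return int.from_bytes(hashlib.sha256(R.to_bytes(16, "big") + msg).digest(), "big")

def verify(pub, msg, sig):
    R, s = sig
    return pow(G, s, P) == (R * pow(pub, _e(R, msg), P)) % P

class BobsMac:
    """Holds Bob's private key; only signatures leave this object."""
    def __init__(self):
        self._x = secrets.randbelow(P - 1)
        self.pub = pow(G, self._x, P)
    def sign(self, msg):
        k = secrets.randbelow(P - 1)
        R = pow(G, k, P)
        return R, (k + _e(R, msg) * self._x) % (P - 1)

class Alice:
    """File server: authenticates Bob and logs who got the file and where it went."""
    def __init__(self, bob_pub):
        self.bob_pub, self.log, self.pending = bob_pub, [], {}
    def challenge(self, dest):
        c = secrets.token_bytes(16) + dest.encode()  # nonce bound to destination (assumed format)
        self.pending[c] = dest
        return c
    def fetch(self, c, sig):
        dest = self.pending.pop(c, None)  # each challenge is single-use
        if dest is None or not verify(self.bob_pub, c, sig):
            raise PermissionError("authentication failed")
        self.log.append(("bob", dest))
        return b"constructed file contents"

class Supercomputer:
    """Runs the transfer; relays the challenge to Bob's Mac over the session."""
    def __init__(self, name, session_sign):
        self.name, self.sign, self.seen = name, session_sign, []
    def get_file(self, alice):
        c = alice.challenge(self.name)
        sig = self.sign(c)  # computed on the Mac, not here
        self.seen += [c, *sig]
        return alice.fetch(c, sig)

def demo():
    mac = BobsMac()
    alice = Alice(mac.pub)
    sup = Supercomputer("super", mac.sign)
    return mac, alice, sup, sup.get_file(alice)
```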