
Re: delegation conflict, background

At 12:34 PM 7/2/96 -0400, David P. Kemp wrote:

>I think you left out the most obvious choice:
>(4) Bob uses his private key to set up an IPSEC telnet session from
>his Mac to the supercomputer, then FTP's the file from Alice's machine
>to the super, doing the authentication calculations on his Mac.  The
>private key never leaves Bob's hands (or smartcard).
>No delegation required, just a secure channel.
>Of course if Alice requires more than just authentication to hand out
>the file, the supercomputer must have some mechanism for letting Bob
>calculate and install session keys, but it's more plausible that the
>supercomputer would negotiate the session keys (as itself) and Bob
>would be granted the access (as himself).  Alice would then know both
>who got the file and where it went.

David -- I think we have a solution which is much cleaner than option (4).
I'll be sending out the I-D Brian, Bill and I have been working on -- in a
day or two.  However, I grant you that (4) works -- provided FTP is
controlled by interactive chal/resp with a human user.  It can probably be
generalized to cover Bob's providing the super with an RPC pipe over which
the super can relay any authorization dialog.  As you point out, the pipe
must be private to prevent Eve's hijacking the authorization for her own use.

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |
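
The relay discussed in this message, as an added sketch that is not code from the thread: the super forwards Alice's challenge over the pipe, Bob's Mac does the private-key calculation, and Alice records who got the file and where it went. The class names, the toy textbook RSA key and the binding of the host name into the signed value are assumptions of this example.

```python
import hashlib
import secrets

# Toy textbook RSA key for Bob (constructed; unpadded and far too small for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, used only inside BobMac


def digest(challenge: bytes, destination: str) -> int:
    """Value that gets signed: Alice's nonce bound to the receiving host."""
    h = hashlib.sha256(challenge + b"|" + destination.encode()).digest()
    return int.from_bytes(h, "big") % N


class BobMac:
    """Bob's end of the pipe: the only place the private key is ever used."""
    def answer(self, challenge: bytes, destination: str) -> int:
        return pow(digest(challenge, destination), D, N)


class Super:
    """Holds no key of Bob's; relays the dialog (pipe privacy is not modelled)."""
    name = "super"

    def __init__(self, pipe: BobMac):
        self.pipe = pipe

    def relay(self, challenge: bytes) -> int:
        return self.pipe.answer(challenge, self.name)


class Alice:
    def __init__(self):
        self.pending = None
        self.log = []  # (who, where) for every file released

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def release(self, destination: str, response: int) -> bool:
        if self.pending is None:
            return False  # no outstanding challenge, or already consumed
        ok = pow(response, E, N) == digest(self.pending, destination)
        if ok:
            self.pending = None  # a challenge authorizes one transfer only
            self.log.append(("bob", destination))
        return ok
```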