
A day in the life of ephemeral certificates



-----BEGIN PGP SIGNED MESSAGE-----

I've been doing more thinking about realistic scenarios for the use of
ephemeral certificates.

I log in to my workstation in the morning:

  1) I pick a key-pair from a pool that my workstation has generated for
     me overnight.

  2) I unlock the private key of my identity-based (long-term) certificate

  3) Using that certificate, I:

     Obtain Kerberos Ticket Granting Tickets from each of the KDCs
     that I normally need TGTs from

     Obtain ephemeral privilege granting certificates from each of
     the PGAs (Privilege Granting Authorities) that I normally need
     to acquire privilege from.  Those ephemeral certificates mention
     the public key from the key-pair I had selected earlier.


  4) I use services that require the use of either Kerberos tickets or
     these fancy ephemeral certificate things.

     I can envision using one of these PGCs (Privilege Granting Certificates)
     to establish, as required, a "security association" with host systems
     that I normally interact with.  Once I have one of these SAs, I don't
     need to use the PGC with the target host again until my SA expires.
     The target host would naturally cache my "privilege vectors" when
     it creates an SA.  You don't get non-repudiation for transactions
     protected by such an SA, but often you don't need that. Indeed, in
     the day-to-day network-login, network-copy, network-this-and-that
     scenario, you care only that your messages are protected, and that
     the target host has some confidence in the privileges associated with
     those messages.  I can envision "unix-login-id" being one of the
     "privileges" (capabilities?) that might be associated with a PGC.

     In a large corporation, there would likely be many PGAs, with
     a given identity having, for example, different "unix-login-id"
     capabilities in different domains (from different PGAs).

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMVBX66p9EtiCAjydAQEL6QH+J5Sy1Ymopq4kTODPqXQ9TsFOfNC/1HKu
mzE1Oyb3gPElVzL+8sGkZo4a+KO77Sz0aDbbaDo5ssN3NC9d4VK6LQ==
=aXBd
-----END PGP SIGNATURE-----

--
----------------------------------------------------------------------
Marcus Leech                   Mail: Dept 4C16, MS 238, CAR
Systems Security Architect     Phone   : (ESN) 395-4901  (613) 763-9145
Systems Security Services      Fax     : (ESN) 393-7679  (613) 763-7679
Nortel Technologies            mleech@bnr.ca
-----------------Expressed opinions are my own, not my employers------
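
The flow described in the message above, as an added example that is not part of the original post: a PGA signs a short-lived PGC naming the ephemeral public key and its privileges, and a target host checks it before caching the privileges in an SA. Ed25519, the JSON encoding, the nonce-based proof of possession, the SA expiring together with the PGC, and all type, function and field names are assumptions of this sketch; the long-term-certificate login to the PGA is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

type PGC struct { // PGA-signed binding of an ephemeral key to privileges (hypothetical encoding)
	EphKey     ed25519.PublicKey
	Privileges map[string]string // e.g. "unix-login-id"
	NotAfter   time.Time
	Sig        []byte `json:"-"` // excluded from the signed bytes
}

type SA struct { // the host's cached privilege vector for one security association
	Privileges map[string]string
	Expires    time.Time
}

func (c PGC) signedBytes() []byte {
	b, _ := json.Marshal(c) // map keys are sorted, so the encoding is stable
	return b
}

// Issue is the PGA side: sign the ephemeral key, privileges and lifetime.
func Issue(pga ed25519.PrivateKey, c PGC) PGC {
	c.Sig = ed25519.Sign(pga, c.signedBytes())
	return c
}

// Establish is the host side; proof is the ephemeral key's signature over the host's nonce.
func Establish(pgaPub ed25519.PublicKey, c PGC, nonce, proof []byte, now time.Time) (*SA, error) {
	if !ed25519.Verify(pgaPub, c.signedBytes(), c.Sig) || !now.Before(c.NotAfter) {
		return nil, fmt.Errorf("PGC rejected: bad PGA signature or expired")
	}
	if len(c.EphKey) != ed25519.PublicKeySize || !ed25519.Verify(c.EphKey, nonce, proof) {
		return nil, fmt.Errorf("no proof of possession of the ephemeral key")
	}
	return &SA{c.Privileges, c.NotAfter}, nil // assumption: the SA expires with the PGC
}

func main() { // constructed demo values
	pgaPub, pgaKey, _ := ed25519.GenerateKey(nil)
	ephPub, ephKey, _ := ed25519.GenerateKey(nil)
	now, nonce := time.Now(), []byte("host nonce")
	c := Issue(pgaKey, PGC{EphKey: ephPub, Privileges: map[string]string{"unix-login-id": "alice"}, NotAfter: now.Add(8 * time.Hour)})
	fmt.Println(Establish(pgaPub, c, nonce, ed25519.Sign(ephKey, nonce), now))
}
```

Because the PGC carries only the ephemeral public key, a copied PGC is useless without the matching private key, and a PGC whose privileges were altered after issuance fails the PGA signature check.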