[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
A day in the life of ephemeral certificates
- To: spki@c2.org
- Subject: A day in the life of ephemeral certificates
- From: "marcus (m.d.) leech" <mleech@bnr.ca>
- Date: Wed, 20 Mar 1996 14:09:33 -0500
- Organization: Nortel Technologies, System Security Services
- Sender: owner-spki@c2.org
- X400-Content-Type: P2-1984 (2)
- X400-Mts-Identifier: [/PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/;<199603201909.AA198678973@bcarh6]
- X400-Originator: mleech@bcarh6dc.ott.bnr.ca
- X400-Received: by mta bnr.ca in /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Wed, 20 Mar 1996 14:10:54 -0500
- X400-Received: by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Wed, 20 Mar 1996 14:10:25 -0500
- X400-Received: by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Wed, 20 Mar 1996 14:09:33 -0500
- X400-Received: by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Wed, 20 Mar 1996 14:09:33 -0500
-----BEGIN PGP SIGNED MESSAGE-----
I've been doing more thinking about realistic scenarios for the use of ephemeral
certificates.
I log in to my workstation in the morning:
1) I pick a key-pair from a pool that my workstation has generated for
me overnight.
2) I unlock the private key of my identity-based (long-term) certificate
3) Using that certificate, I:
Obtain Kerberos Ticket Granting Tickets from each of the KDCs
that I normally need TGTs from
Obtain ephemeral privilege granting certficates from each of
the PGAs (Privilege Granting Authorities) that I normally need
to acquire privilege from. Those ephemeral certificates mention
the public key from the key-pair I had selected earlier.
4) I use services that require the use of either Kerberos tickets or
these fancy ephemeral certificate things.
I can envision using one of these PGCs (Privilege Granting Certificates)
to establish, as required, a "security association" with host systems
that I normally interact with. Once I have one of these SAs, I don't
need to use the PGC with the target host again until my SA expires.
The target host would naturally cache my "privilege vectors" when
it creates an SA. You don't get non-repudiation for transactions
protected by such an SA, but often you don't need that. Indeed, in
the day-to-day network-login, network-copy, network-this-and-that
scenario, you care only that your messages are protected, and that
the target host has some confidence in the privileges associated with
those messages. I can envision "unix-login-id" being one of the
"privileges" (capabilities?) that might be associated with a PGC.
In a large corporation, there would likely be many PGAs, with
a given identity having, for example, different "unix-login-id"
capabilities in different domains (from different PGAs).
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQBVAwUBMVBX66p9EtiCAjydAQEL6QH+J5Sy1Ymopq4kTODPqXQ9TsFOfNC/1HKu
mzE1Oyb3gPElVzL+8sGkZo4a+KO77Sz0aDbbaDo5ssN3NC9d4VK6LQ==
=aXBd
-----END PGP SIGNATURE-----
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 4C16, MS 238, CAR
Systems Security Architect Phone : (ESN) 395-4901 (613) 763-9145
Systems Security Services Fax : (ESN) 393-7679 (613) 763-7679
Nortel Technologies mleech@bnr.ca
-----------------Expressed opinions are my own, not my employers------