
Re: Java programs, etc.



Sr Zooko Journeyman,

The following comment has nothing to do with your argument, but may
be illuminating anyway with respect to getting SPKI/SDSI located into some
actual deployment environments where it can display the value
of its logic and signaling abilities.

>Hm.  I can issue a cert authorizing Alice to read and write in my 
>"/tmp/foo" directory, and then later I can issue another one 
>authorizing Alice to read and write my "/tmp/bar" directory.
>Alice is going to present these certificates at my firewall,
>which is going to take them, inspect them, generate similar
>certificates signed by itself, and then forward her WebNFS packets

[...]
 
>
>Zooko Journeyman

I've been playing with this scenario using SSL/TLS and its inherent
extension facilities for new intra-SSL/TLS Record-layer protocols.

I imagine, with much practicality, the domain-constrained capability being
issued to Alice in the form of a tamper-proof ephemeral SPKI certificate,
who installs NFS protocol to run over SSL transport, where the handshake
exchanges Alice's certificate with the firewall responder. Responder
accepts (eventually), upon performing necessary chain determination and
intersections of all relevant tags, and having established a second SSL
connection to the internal NFS server using its own credential set for I&A.
Using an NFS-specific authorization protocol leveraging the SSL/TLS
integrity-protected Record Layer (no, this is not application data; this is
a per-authorised-protocol "sideband" channel), said entity forwards/proxies
NFS protocol data between NFS end-points as application data, preserving
incoming framing and timing etc.

Said "NFS-auth" Record Layer sideband protocol conveys the SPKI credentials
issued by the proxy to the NFS server. The NFS server can do its own
additional intersections during acceptance of the NFS-auth protocol process.
The proxy server's SSL NFS-client implementation is programmed not to
send application-data forwarding frames until completion of the SSL
handshakes and affirmation of the NFS server's acceptance of Alice's reduced
authorizations, signaled via the NFS-auth sideband protocol. Said
authorization may take the form of presentation of a SPKI cert back to the
proxy to constrain forwarding characteristics.

Ok, I just described a couple of TCP/TLS tunnels mediated by
a firewall. But it's now easy to get SPKI into useful deployment with
such practical notions! We can let the layer protocols and the stacks
do the authorization system integration rather than reprogram all
end-entities.
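Editor's added example, not code from the poster or from any SPKI implementation: the "chain determination and intersections of all relevant tags" step that the firewall responder performs before re-issuing a reduced certificate to Alice, written as a small Python model. It implements the RFC 2693 tag-intersection rules for the (*), (* set ...) and (* prefix ...) forms and the issuer-to-subject 5-tuple reduction; other (* ...) forms are treated as empty (fail closed). The principal names (nfs-server, zooko, alice, firewall), the paths, the firewall's read-only forwarding policy and the plain-string keys are all constructed for illustration; a real deployment would hash public keys and verify signatures before any of this runs.

```python
import re
from typing import NamedTuple, Optional

# --- minimal S-expression reader for SPKI "advanced" transport form -------
_TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+')

def parse(text: str):
    """Parse one S-expression into nested lists of strings ("/tmp/foo" -> /tmp/foo)."""
    tokens = _TOKEN.findall(text)
    pos = 0

    def read():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unbalanced '('")
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            items = []
            while pos < len(tokens) and tokens[pos] != ")":
                items.append(read())
            if pos >= len(tokens):
                raise ValueError("unbalanced '('")
            pos += 1                         # consume ")"
            return items
        if tok == ")":
            raise ValueError("unbalanced ')'")
        return tok.strip('"')

    result = read()
    if pos != len(tokens):
        raise ValueError("trailing input after S-expression")
    return result

def tag(text: str):
    """Return the body of a (tag <body>) S-expression."""
    sexp = parse(text)
    if not (isinstance(sexp, list) and sexp[:1] == ["tag"] and len(sexp) == 2):
        raise ValueError("expected (tag <body>)")
    return sexp[1]

# --- AIntersect (RFC 2693 section 6.3), None means the empty authorization --
STAR = ["*"]                                  # (*): the universal tag

def _is(form, t):
    return isinstance(t, list) and t[:2] == ["*", form]

def intersect(a, b):
    if a == STAR:
        return b
    if b == STAR:
        return a
    if _is("set", a):                         # keep members that survive
        kept = [r for r in (intersect(m, b) for m in a[2:]) if r is not None]
        if not kept:
            return None
        return kept[0] if len(kept) == 1 else ["*", "set"] + kept
    if _is("set", b):
        return intersect(b, a)
    if _is("prefix", a) and _is("prefix", b):  # the longer one, if it extends the other
        if a[2].startswith(b[2]):
            return a
        if b[2].startswith(a[2]):
            return b
        return None
    if _is("prefix", a):                      # a prefix matches a byte string only
        return b if isinstance(b, str) and b.startswith(a[2]) else None
    if _is("prefix", b):
        return intersect(b, a)
    if isinstance(a, list) and isinstance(b, list):
        if a[:1] == ["*"] or b[:1] == ["*"]:
            return None                       # range etc. not modelled: fail closed
        out = []
        for x, y in zip(a, b):
            r = intersect(x, y)
            if r is None:
                return None
            out.append(r)
        out.extend(a[len(b):] or b[len(a):])  # the shorter list is padded with (*)
        return out
    return a if a == b else None              # two byte strings: equal or empty

# --- 5-tuple reduction (RFC 2693 section 6.4) ------------------------------
class Cert(NamedTuple):
    issuer: str
    subject: str
    propagate: bool                           # (propagate): subject may delegate
    tag: list

def reduce_chain(certs) -> Optional[Cert]:
    """Fold issuer->subject links, intersecting tags; None if a link is missing,
    delegation was not granted, or the authorization becomes empty."""
    head = certs[0]
    for nxt in certs[1:]:
        if head.subject != nxt.issuer or not head.propagate:
            return None
        t = intersect(head.tag, nxt.tag)
        if t is None:
            return None
        head = Cert(head.issuer, nxt.subject, nxt.propagate, t)
    return head

def permits(cert: Cert, request) -> bool:
    """A concrete request is allowed iff it survives intersection unchanged."""
    return intersect(cert.tag, request) == request

# Constructed scenario (illustrative names/paths): the NFS server's ACL delegates
# /tmp/ to zooko, zooko grants Alice /tmp/foo, and the firewall only forwards reads.
SERVER_ACL = Cert("nfs-server", "zooko", True,
                  tag('(tag (nfs (* set read write) (* prefix "/tmp/")))'))
ZOOKO_ALICE = Cert("zooko", "alice", False,
                   tag('(tag (nfs (* set read write) (* prefix "/tmp/foo")))'))
FIREWALL_POLICY = tag('(tag (nfs read (*)))')

def firewall_reissue(chain=(SERVER_ACL, ZOOKO_ALICE), policy=FIREWALL_POLICY):
    """What the responder does after the handshake: reduce the chain Alice
    presented, intersect with its own forwarding policy, and re-issue a narrower
    cert under its own key for the NFS-auth sideband."""
    reduced = reduce_chain(list(chain))
    if reduced is None:
        return None
    t = intersect(reduced.tag, policy)
    return None if t is None else Cert("firewall", reduced.subject, False, t)

if __name__ == "__main__":
    alice = firewall_reissue()
    print("re-issued tag:", alice.tag)
    for req in ('(tag (nfs read "/tmp/foo/notes.txt"))',
                '(tag (nfs write "/tmp/foo/notes.txt"))',
                '(tag (nfs read "/tmp/bar/notes.txt"))'):
        print(req, "->", "forward" if permits(alice, tag(req)) else "drop")
```

The re-issued tag comes out as (nfs read (* prefix "/tmp/foo")): the set of verbs has been cut down by the firewall's policy and the path prefix by Zooko's grant, which is exactly the "reduced authorizations" the NFS server would then intersect once more against its own view before the proxy starts forwarding application data.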