Re: New drafts just submitted
Carl - I have had a chance to read thru the theory document. It is the
clearest exposition I have yet seen of the ideas. Congratulations! I
particularly liked the summary of the delegation discussions.
One typo, and one gratuitous comment:
>6.3 5-tuple Reduction Rules
>
> The two 5-tuples:
>
> <I1,S1,D1,A1,V1> + <I2,S2,D2,A2,V2>
>
> yield
>
> <I1,S2,D2,AIntersect(A1,A2),VIntersect(V1,V2)>
>
> provided
>
> the two intersections succeed,
>
> I1 = S2
>
> and
>
> D1 = TRUE
>
>
> If S1 is a threshold subject, there is a slight modification to this
> rule, as described below in section 6.3.3.
Shouldn't it say "S1 = I2" instead of "I1 = S2"?
>7.6 Key Revocation Service
>
> ...
>
> As the world moves to having all machines on-line all the time, this
> might be the user's machine. However, until then -- and maybe even
> after then -- the user might want to hire some service to perform
> this function. That service could run a 24x7 manned desk, to receive
> phone calls reporting loss of a key. That authority would not have
> the power to generate a new key for the user, only to revoke a
> current one.
Unless authorization for the revocation is carefully controlled, this is a
wonderful opportunity for a denial of service attack. I actually had the
joy of being able to say to a person who had just described how their
(mainframe) system disabled accounts after 3 invalid passwords, "Oh, how
nice. What is your user name?"
-------------------------------------------------------------------------
Bill Frantz | Macintosh: Didn't do every-| Periwinkle -- Consulting
(408)356-8506 | thing right, but did know | 16345 Englewood Ave.
frantz@netcom.com | the century would end. | Los Gatos, CA 95032, USA
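
An added example, not part of the original message or of the draft it quotes: a minimal sketch of the section 6.3 reduction rule using the chaining condition S1 = I2 that the message proposes. It assumes authorizations are plain sets of permission names and validity is an inclusive integer interval (both simplifications), and it leaves out the threshold-subject case; the key names and sample certificates are constructed.

```python
from typing import FrozenSet, NamedTuple, Optional, Tuple

class FiveTuple(NamedTuple):
    issuer: str                # I
    subject: str               # S
    delegate: bool             # D
    auth: FrozenSet[str]       # A, simplified here to a set of permission names
    validity: Tuple[int, int]  # V, simplified to an inclusive (not_before, not_after)

def a_intersect(a1, a2):
    """Common permissions, or None when the intersection fails (is empty)."""
    return (a1 & a2) or None

def v_intersect(v1, v2):
    """Overlap of two validity intervals, or None when they do not overlap."""
    start, end = max(v1[0], v2[0]), min(v1[1], v2[1])
    return (start, end) if start <= end else None

def reduce_pair(t1: FiveTuple, t2: FiveTuple) -> Optional[FiveTuple]:
    """Reduce t1 + t2, or return None when the rule does not apply."""
    if t1.subject != t2.issuer:  # chaining condition S1 = I2
        return None
    if not t1.delegate:          # D1 must be TRUE for t1's subject to pass rights on
        return None
    auth = a_intersect(t1.auth, t2.auth)
    validity = v_intersect(t1.validity, t2.validity)
    if auth is None or validity is None:
        return None
    return FiveTuple(t1.issuer, t2.subject, t2.delegate, auth, validity)

# Constructed sample certificates (key names and times are made up).
OWNER_TO_ADMIN = FiveTuple("K_owner", "K_admin", True, frozenset({"read", "write"}), (100, 500))
ADMIN_TO_USER = FiveTuple("K_admin", "K_user", False, frozenset({"read", "exec"}), (200, 900))

if __name__ == "__main__":
    print(reduce_pair(OWNER_TO_ADMIN, ADMIN_TO_USER))
    print(reduce_pair(ADMIN_TO_USER, OWNER_TO_ADMIN))  # wrong order: no chain
    print(reduce_pair(OWNER_TO_ADMIN._replace(delegate=False), ADMIN_TO_USER))
```

The reduced tuple carries D2 rather than D1, so the final subject cannot delegate further unless the last certificate in the chain allows it.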