[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New drafts just submitted
-----BEGIN PGP SIGNED MESSAGE-----
At 12:09 PM 10/27/98 -0800, Bill Frantz wrote:
>Carl - I have had a chance to read thru the theory document. It is the
>clearest exposition I have yet seen of the ideas. Congratulations! I
>particularly liked the summary of the delegation discussions.
>One typeo, and one gratuitous comment:
>>6.3 5-tuple Reduction Rules
>> The two 5-tuples:
>> <I1,S1,D1,A1,V1> + <I2,S2,D2,A2,V2>
>> the two intersections succeed,
>> I1 = S2
>> D1 = TRUE
>> If S1 is a threshold subject, there is a slight modification to this
>> rule, as described below in section 6.3.3.
>Shouldn't it say "S1 = I2" instead of "I1 = S2"?
>>7.6 Key Revocation Service
>> As the world moves to having all machines on-line all the time, this
>> might be the user's machine. However, until then -- and maybe even
>> after then -- the user might want to hire some service to perform
>> this function. That service could run a 24x7 manned desk, to receive
>> phone calls reporting loss of a key. That authority would not have
>> the power to generate a new key for the user, only to revoke a
>> current one.
>Unless authorization for the revocation is carefully controlled, this is a
>wonderful opportunity for a denial of service attack. I actually had the
>joy of being able to say to a person who had just described how their
>(mainframe) system disabled accounts after 3 invalid passwords, "Oh, how
>nice. What is your user name?"
Yes -- if you don't passphrase (or voiceprint) protect that revocation
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
-----END PGP SIGNATURE-----
|Carl M. Ellison firstname.lastname@example.org http://www.pobox.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+