Re: IRIP version 4 (Part 2) - Trusted hosts

[Doug Royer <Doug.Royer@xxxxxxx>]

> From: Bruce_Kahn@iris.com
> Date: Sun, 21 Mar 1999 20:35:41 GMT
> 
> Doug replied (in part):
> >> >A trusted relationship between two IRIP servers means that one server
> >> >can queue transactions for the other server and deliver them some time
> >> >later. If IRIP server B trusts A, then A can queue requests for B. If A
> >> >does not trust B then B cannot accumulate requests for A.
> >>
> >> Why cant there be a queue between non-trusted hosts?
> >
> >I think it could be a security issue as there would not
> >be any way to trust who is asking for the data.
> 
> Not an answer.  If B can AUTHENTICATE to A and visa versa so each is able
> to 'log in', there is still _no_ implication of trust.  Trust !=
> Authenticatable.

So, do or don't trust them. How you make that decission is
an implementation detail.

> If B is just an intermediate host between A and C then there is nothing to
> preclude (or mandate really) the use of signed and/or encrypted data
> between them such that B cannot see or tamper w/it.   Also, if there is
> just 1 way trust then the entire concept of queueing outside firewalls on
> intermediate hosts (ie: B) is easily broken.

So if you trust them - and you should not have, yep.

> ...
> Still, the question about being able to queue requests for non-trusted
> hosts still stands: Why not??

If you DO trust the data from the source - then by definition
it IS a trusted host.

If you DO NOT trust the data from the source - then by definition
it's NOT a trusted host.

-Doug
-------------------------------------------------------------------
Doug.Royer@Sun.COM		http://playground.sun.com/~dougr
801 W. El Camino #131		Work:   (650)786-7599
Mountain View, CA 94040		Ham Radio: N6AAW, Aviation: PP-ASEL