
Re: operational protocols



Stef Hoeben wrote:
> 
> Since you're all shooting at me, I better withdraw
> and shut up (though in some cases a CIL could be
> useful, IMHO:)
> 
> The main reason for me was to ask the two questions
> in my first mail ... (which still no-one bothered to
> answer)
> 
> By the way, even if you also trust your Directory
> (though it would of course be nicer to only trust
> the CA), there is still the risk of spoofing (someone
> who intercepts the response the Directory sends to
> you). So (only) authentication (by the CA) of _all_
> answers the Directory gives is a solution to this
> spoofing, IMHO again.
> 

The best way for a DUA to ensure that it is not being
spoofed by a rogue DSA impersonator is to require
signed operations on both directory requests and responses.
In that way you can trust your directory.  It may not give
you what you asked for but then again, you'll know that what
was sent by the directory will be what you receive.  Also, 
having secure prior knowledge of your CA's certificate is 
the ONLY way to know that any signature is valid.  This can
be done via some read only storage device provided by the CA.

-- 
+----------------------------------------------------------------------+
| Reginald B. Carey                 | J.G. Van Dyke & Associates, Inc. |
| Senior Systems Engineer           | 141 National Business Pkwy, #210 |
| Voice (301) 939-2707              | Annapolis Junction, MD 20701     |
| Fax   (301) 953-2901              | Office (301) 953-3600            |
| mailto:rbcarey@jgvandyke.com      | http://www.jgvandyke.com         |
+----------------------------------------------------------------------+
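The signed-operations scheme described in the reply above, worked through as an added example (this is not code from the thread or from any directory product). It assumes Ed25519 signatures and SHA-256 for the request hash, a simplified "certificate" (the CA's signature over the DSA's public key, standing in for a real X.509 certificate), and hypothetical function names; the DUA verifies only against a CA key it already holds, and checks that the answer is bound to the request it actually sent.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedResponse is the DSA's answer plus everything a DUA needs to check it.
// The "certificate" is simplified (hypothetical format): the CA's signature
// over the DSA's public key stands in for a full X.509 certificate.
type SignedResponse struct {
	RequestHash [32]byte          // SHA-256 of the request this answers
	Body        string            // the directory's answer
	DSAKey      ed25519.PublicKey // the responding DSA's public key
	DSACertSig  []byte            // CA's signature over DSAKey
	Sig         []byte            // DSA's signature over RequestHash||Body
}

// The bytes the DSA signs: request hash || body, so the answer is bound to the question.
func responseTBS(r *SignedResponse) []byte { return append(r.RequestHash[:], r.Body...) }

// IssueCert: the CA vouches for a DSA key, in advance and out of band.
func IssueCert(caPriv ed25519.PrivateKey, dsaPub ed25519.PublicKey) []byte { return ed25519.Sign(caPriv, dsaPub) }

// DSASign: the directory signs its response together with the request hash.
func DSASign(dsaPriv ed25519.PrivateKey, certSig []byte, request, body string) SignedResponse {
	r := SignedResponse{sha256.Sum256([]byte(request)), body, dsaPriv.Public().(ed25519.PublicKey), certSig, nil}
	r.Sig = ed25519.Sign(dsaPriv, responseTBS(&r))
	return r
}

// DUAVerify: the DUA trusts only its pinned CA key. It checks that the CA
// certified the DSA's key, that the answer matches its own request, and the signature.
func DUAVerify(pinnedCA ed25519.PublicKey, request string, r SignedResponse) error {
	switch {
	case !ed25519.Verify(pinnedCA, r.DSAKey, r.DSACertSig):
		return errors.New("DSA key was not certified by the pinned CA")
	case r.RequestHash != sha256.Sum256([]byte(request)):
		return errors.New("response is not bound to the request we sent")
	case !ed25519.Verify(r.DSAKey, responseTBS(&r), r.Sig):
		return errors.New("response signature invalid")
	}
	return nil
}

func main() { // a rogue DSA that certifies its own key is rejected; prints why
	caPub, _, _ := ed25519.GenerateKey(rand.Reader)
	roguePub, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	req := "read cn=Alice,o=Example"
	fmt.Println(DUAVerify(caPub, req, DSASign(roguePriv, IssueCert(roguePriv, roguePub), req, "mail=x@example.test")))
}
```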