
RE: KISS for PKIX .... password/digital signature



another characteristic (again applies to both aads as well as cads deployments)
is that protocol and authentication process can be common across a wide variety
of integrity implementations for the source ... i.e. software protected private
key, hardware tokens for private key, pin activated token w/key, biometric
activated token w/key, assurance level of the token, assurance level of whether
dealing with known chip or possibly copy-chip.

somewhat not be encumbered with figuring out the meaning of a certificate ...
we've had little more luxury to look at other critical areas ... things like can
we parameterize the infrastructure and use the same infrastructure for very high
value things (possibly billions of dollars) as well as relatively low value
things (tens of cents) ... and leverage the infrastructure parameterization to
adapt of periods in the 50+ year scale. The result is that risk managers can
look at the infrastructure and make informed decisions regarding components
necessary for specific risk levels.

This is an avenue that could also be applied to certificate/offline
infrastructures ... although the perceived incremental value proposition would
be different .... i.e. high value transaction risk assessment is not only
looking at integrity levels of the components but also various real time and
aggregated information.

in that sense the certificate/account analogy is somewhat like badge entry
systems ... there are both online (aka account, presumably even DOD has at least
some online badge entry systems) implementations as well as offline (aka
certificate) solutions for badge entry systems. Offline/online choice can be
a combination of cost, risk and liability. the liability one can be a tortured
trail ... i.e. if something
adverse is learned then can a person be instantaneously fired and all access
revoked (liability can shift based on when something is known ... and business
processes like liability insurance can dictate how something is handled).