
Re: enrollment/mgt operations



Hi Steven and Everyone,

At 03:28 PM 10/27/00 +0100, Stephen Farrell wrote:

>Hi All,
>
>I guess the overall list of operations might be something
>like:
>
>GET      for downloads from a CS
>PUT      to update/change a credential or direct transfer one
>ENROLL   could be a special case of PUT?
>DELETE   to zap a credential (carefully:-)

Would it make sense to add
  COMPARE  to compare the stored credential to the credential
           on the CS or another device

For explanation, let's take the case that I am upgrading my Hand95
to a HandMM and I just transferred everything over from one to the
other.  This _should_ mean that my credentials were also moved over.
...umm... or were they?  That ol' Hand95 was getting a bit long in
the tooth.  I think that it would be nice to just link my new HandMM 
to the network and ask it to COMPARE the stored credentials against 
those that are held on the CS.  I figure that this will probably be
a lot better than destroying the old credential and doing a GET.  
This may be as simple as sending in a fingerprint and getting a 
[yes|no] response from the CS. 

Along the same line, perhaps I take my phone into the shop for
repair.  They hand it back to me and everything 'looks' OK, but it
just 'feels' different.  I'd again like to just COMPARE my 
credentials to ensure that no one maliciously or accidentally 
tampered with them.


>So, questions:
>
>- Does all this just apply to the credential server case, or
>  also for direct transfers?

I'd suggest both.  In any set of circumstances that I can
see, one device would be acting as a 'client' and the other as
a 'server'.  This is evident in the case of a device and the CS.
For a direct transfer, I can't think that they would be acting
as peers or anything other than one being a 'client' and the other
being its 'server' for the moment.  Those roles may reverse the
next moment.  Does it make sense to mandate that the initiator 
always play the role of 'client' in all cases?

Thanks,
Chris
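The COMPARE exchange sketched in the message above, written out as an added example; this is illustrative code, not part of the original post or of any working-group specification. It assumes SHA-256 over the exact stored credential bytes as the "fingerprint", made-up message field names (op, id, alg, fp), and constructed credential identifiers and contents. The two scenarios from the message are both run: a clean transfer to the new device, and a device back from repair with one credential altered.

```python
import hashlib
import hmac

# Constructed stand-in for the credential server (CS). The identifiers
# and credential bytes are made up for this example; real credentials
# would be, for instance, PKCS#12 blobs or encrypted private keys.
CS_STORE = {
    "chris-signing-key": b"encrypted-private-key-bytes-constructed-for-example",
    "chris-cert": b"certificate-bytes-constructed-for-example",
}

# The new HandMM after a clean transfer: byte-for-byte copies of the CS copy.
HANDMM_STORE = dict(CS_STORE)

# The phone back from the repair shop: one credential differs by a single
# trailing byte, which is exactly what COMPARE should catch.
TAMPERED_STORE = dict(CS_STORE)
TAMPERED_STORE["chris-signing-key"] = CS_STORE["chris-signing-key"][:-1] + b"X"


def fingerprint(credential: bytes) -> str:
    """Hex SHA-256 over the exact stored bytes (assumed algorithm).

    Both ends must hash the same canonical encoding; if one side re-encodes
    the credential, an intact credential will compare as changed.
    """
    return hashlib.sha256(credential).hexdigest()


def build_compare_request(cred_id: str, credential: bytes) -> dict:
    """Client side: send only the fingerprint, never the credential itself.

    The field names are an assumption for this example, not a defined protocol.
    """
    return {"op": "COMPARE", "id": cred_id, "alg": "sha-256",
            "fp": fingerprint(credential)}


def handle_compare(store: dict, request: dict) -> dict:
    """Server side of COMPARE: answer yes or no and nothing else.

    Whichever device holds the reference copy plays 'server' for this one
    exchange, so the store is a parameter rather than assumed to be the CS.
    An unknown id and a mismatched fingerprint both get a plain 'no', so the
    reply does not double as an oracle for which credential ids exist. The
    digest comparison is constant-time so timing does not reveal how much
    of the fingerprint matched.
    """
    cred_id = request.get("id")
    if request.get("op") != "COMPARE" or request.get("alg") != "sha-256":
        return {"op": "COMPARE", "id": cred_id, "result": "no"}
    stored = store.get(cred_id)
    if stored is None:
        return {"op": "COMPARE", "id": cred_id, "result": "no"}
    match = hmac.compare_digest(fingerprint(stored), str(request.get("fp", "")))
    return {"op": "COMPARE", "id": cred_id, "result": "yes" if match else "no"}


def run_compare_check(local_store: dict, reference_store: dict) -> dict:
    """Run COMPARE for every locally held credential against the reference
    holder and report which are confirmed intact (True) or not (False)."""
    results = {}
    for cred_id, credential in local_store.items():
        request = build_compare_request(cred_id, credential)
        response = handle_compare(reference_store, request)
        results[cred_id] = response["result"] == "yes"
    return results


if __name__ == "__main__":
    print("HandMM after transfer: ", run_compare_check(HANDMM_STORE, CS_STORE))
    print("Phone back from repair:", run_compare_check(TAMPERED_STORE, CS_STORE))
```

Two caveats worth keeping in mind with a fingerprint-and-yes/no design: it only confirms that the local copy equals the reference holder's copy, so it says nothing about whether the reference copy itself is the right one; and because the reply is a bare yes/no, the request should only be accepted from an authenticated client, otherwise anyone can probe the CS with candidate fingerprints.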