RE: SACRED's vs. credentials' protection requirements [Was: RE: I-D ACTION:draft-ietf-sacred-reqs-00.txt]
Hi John,
> Protection quality may be separate from credential format; in general,
> interoperability may require not only that a common format be selected but
> also that a common protection mode. A format could simply specify encryption
> with a key, independent of whether or not that key was password-derived.
> PKCS #12, as another example, specifies both password-based and public-key
> privacy and integrity modes. Have we established a working premise for the
> level (if any) of protection to be assumed in SACRED-transported credential
> objects before they're placed in SACRED hands?
I think the key is that SACRED is Secure _Access_ to Credentials;
in other words, we're saying that the access has to be
secured, independent of whether or not the credentials are
secured.
Cheers,
William