
Some SACRED blasphemy

SACRED persons, I hope that I may be forgiven a minor blasphemy ....

Both the SACRED requirements document and the SACRED framework document make reference to "entities" that use credentials. In reading through the documents, though, they seem to be making the assumption that an entity is a "user" who wants to make the credentials that are available to her in the context of some device environment also available to her in a different device environment.

I think a little broader view is potentially useful.

Some set of Authorization Entities (e.g. humans and/or devices) wishes, upon satisfaction of some particular authorization policy, to make available to some set of Destination Entities (e.g. humans and/or devices) some credentials supplied by some set of Source Entities (e.g. humans and/or devices).

So what the heck does that mean?

Well, the applications that I have in mind are:

*   Key backup
*   Key escrow
*   Key distribution

where the Authorization Entities may be users, security administrators, escrow agents or certification authorities, and the Source Entities may include CA systems, key generation devices, escrow agents, security administrators, and users, and the Destination Entities may include users, security administrators, VPN devices, and security administrators.

This view separates the authorization of the credential transfer from the source of the credentials and the destination of the credentials. Among other situations, this addresses the case in which a device operator (e.g. VPN installer, firewall administrator, server administrator) authorizes credential transfers between two devices, the source device and the using device.

The policies for some of the cases may involve multi-party authorization. In that case, it would be necessary to have some means for correlating the authorization warrants from two or more Authorization Entities. At the least, this might involve including some sort of Transaction ID in the SACRED protocol. A more elaborate version of the protocol might involve communications among Authorization Entities to solicit a quorum for a particular transaction.

Just some heretical thoughts .....

- Carlin Covey
  Cylink Corp.
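The multi-party authorization sketched in the message above (warrants from several Authorization Entities, correlated by a Transaction ID, with the transfer released only once a quorum is reached) as an added Python model. This is an illustration written for this page, not SACRED protocol code; the HMAC warrant binding, the entity names and the keys are assumptions.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class TransferRequest:
    """Transfer of one credential from a Source Entity to a Destination Entity."""
    tx_id: str            # Transaction ID every warrant must refer to
    source: str
    destination: str
    credential_ref: str
    def canonical(self) -> bytes:
        return "|".join([self.tx_id, self.source, self.destination,
                         self.credential_ref]).encode()

@dataclass(frozen=True)
class Warrant:
    tx_id: str            # the transaction this approval is bound to
    authorizer: str       # which Authorization Entity issued it
    tag: bytes            # HMAC over the request (hypothetical binding)

def issue_warrant(req: TransferRequest, authorizer: str, key: bytes) -> Warrant:
    return Warrant(req.tx_id, authorizer,
                   hmac.new(key, req.canonical(), "sha256").digest())

class QuorumPolicy:
    """Release needs `threshold` valid warrants from distinct authorizers."""
    def __init__(self, authorizer_keys: dict, threshold: int):
        self.keys, self.threshold = authorizer_keys, threshold
    def evaluate(self, req: TransferRequest, warrants: list) -> bool:
        approved = set()
        for w in warrants:
            key = self.keys.get(w.authorizer)
            if w.tx_id != req.tx_id or key is None:   # wrong transaction or
                continue                              # unrecognised authorizer
            expected = hmac.new(key, req.canonical(), "sha256").digest()
            if hmac.compare_digest(expected, w.tag):
                approved.add(w.authorizer)   # repeat warrants count only once
        return len(approved) >= self.threshold

# Constructed sample: two admins and an escrow agent, any two may authorize.
KEYS = {"admin-1": b"k1", "admin-2": b"k2", "escrow": b"k3"}
POLICY = QuorumPolicy(KEYS, threshold=2)
def demo() -> tuple:
    req = TransferRequest("tx-42", "keygen-device", "vpn-gateway", "ipsec-key")
    other = TransferRequest("tx-99", "keygen-device", "vpn-gateway", "ipsec-key")
    w1 = issue_warrant(req, "admin-1", KEYS["admin-1"])
    w_other = issue_warrant(other, "admin-2", KEYS["admin-2"])
    w2 = issue_warrant(req, "escrow", KEYS["escrow"])
    return (POLICY.evaluate(req, [w1, w1]),       # same authorizer twice: False
            POLICY.evaluate(req, [w1, w_other]),  # warrant for other tx: False
            POLICY.evaluate(req, [w1, w2]))       # two distinct warrants: True
```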