RE: Some SACRED blasphemy
Bill,
I believe that at the requirements and framework level we need to be concerned about the roles that various entities have, not their particular implementation. While the currently preferred implementation for credential creation and consumption is the "process", there is no conceptual reason why we couldn't employ alternative implementations such as hardware state machines, data-flow models, or some bio-electronic goo.
I agree with you that the "credential" is the end result of whatever information processing is needed to achieve the desired security goal, be that authorization, privacy, integrity, non-repudiation, etc. This information could be distributed among many physically separated entities, as it is in a PKI, so there is no one place where the "credential" exists. For example, an X.509 certificate is a credential only if the subject maintains the privacy of the private key, and the relying party is assured that the matching public key is bound to that same subject.
The credential that SACRED is supposed to port to another processing context is the subject's private information for authenticating himself or ensuring his privacy, and/or the trusted information for authenticating other subjects.
But I'm waxing too philosophical here. I'm sorry. Perhaps I missed your point?
- Carlin Covey
Cylink Corp.
-----Original Message-----
From: Bill Manning [mailto:bmanning@xxxxxxx]
Sent: Tuesday, January 09, 2001 12:32 PM
To: ccovey@xxxxxxxxxx
Cc: ietf-sacred@xxxxxxx
Subject: Re: Some SACRED blasphemy
%
% SACRED persons, I hope that I may be forgiven a minor blasphemy ....
%
% Both the SACRED requirements document and the SACRED framework document make reference to "entities" that use credentials.
% In reading through the documents though, they seem to be making the assumption that an entity is a "user" who wants to make the credentials that are available to her in the context of some device environment also available to her in a different device environment.
%
And I always thought that processes create/consume credentials, not people or devices. People generate (seeds/salt/tokens/secrets) and processes in devices work on that input to generate/store/move/display/consume the results, which I think of as credentials.
--
--bill