Re: Security, Cancels and Authorization

From: Clive D. W. Feather (clive@on-the-train.demon.co.uk)
Date: Wed Sep 05 2001 - 08:50:09 CDT

• Next message: Charles Lindsey: "Re: Security, Cancels and Authorization"
• Previous message: Bill Davidsen: "Re: Security, Cancels and Authorization"
• In reply to: Charles Lindsey: "Security, Cancels and Authorization"
• Next in thread: Charles Lindsey: "Re: Security, Cancels and Authorization"

-----BEGIN PGP SIGNED MESSAGE-----

In message <200109041154.MAA01837@clw.cs.man.ac.uk>, Charles Lindsey
<chl@clw.cs.man.ac.uk> writes
>1. The BIG BIG solution
>
>Complete the work on Digital Header Signatures, and incorporate it
>into the draft as the approved method (or, more likely, put it into a
>separate RFC and refer to it in the draft).

I agree with Bill - while it would be nice, I can't see this happening
in the right timescales.

>OTOH, we might well agree that an early extension to cover such security
>issues would be the way to proceed.

I would like to go further, and see work start *RIGHT NOW* on the
security document (whether on this list or a separate one). At the point
that we're making a final pass on the main draft, we can see whether the
security stuff is in a good enough state to merge in.

>2. The SMALL SMALL solution
>
>Do nothing.

No.

>3. The MIDDLE way
>
>Well there are several Middle ways possible, but one possibility would
>be to indicate that a further RFC on Security Issues was to follow, and
>to write wording into the draft at various points indicating that it
>should be used at those points as soon as it is available.

That's the approach I would go for.

>I think the main issues with regard to cancels are concerned with
>multiple cancels.

I think this is something we *should* solve in the main document, right
now. Whether it's a block cancel or a NOCEM, don't worry about security
- - it should and will use the same security mechanism as a single cancel
does.

- --
Clive D.W. Feather | Internet Expert | Work: <clive@demon.net>
Tel: +44 20 8371 1138 | Demon Internet | Home: <clive@davros.org>
Fax: +44 20 8371 1037 | Thus plc | Web: <http://www.davros.org>
Written on my laptop; please observe the Reply-To address

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQEVAwUBO5YtkCNAHP3TFZrhAQENZAf+OC8GFuKjI4OqPUcmnLT65R8ZCToyTIIJ
3Zq+CPH9KYTip7Gx5BwlybfKsBno5m3y1e/XAEf4JiubgYPhCh+hShXngfgqjjRO
PlHhplYVPiLcRGLtxxr4+YSPjG/RafCpRAhyuIYn4Sxlxas9vcRpynT7mdfoBbcp
o9uijXCgdyg2/vqYTBIFfCqD5wKIYr0dgOexB74/awbkR5if1r/JPGKvdLbCIqcy
gjVecgIHqenBY3PDCckGaDtetG09geN709KbgVYlIA9gq5KDuNAswfBOd+hUaUSx
TL/g8TjazwU6SaK+cDT+d2ijtA1gS0Wk9hyPZKMmakg7+WZ6eCH+Tg==
=7YeM
-----END PGP SIGNATURE-----

• Next message: Charles Lindsey: "Re: Security, Cancels and Authorization"
• Previous message: Bill Davidsen: "Re: Security, Cancels and Authorization"
• In reply to: Charles Lindsey: "Security, Cancels and Authorization"
• Next in thread: Charles Lindsey: "Re: Security, Cancels and Authorization"