
Re: Secure Hardware Requirements for PEM participation

1992-07-07 05:05:00
Sender:  pem-dev-relay@TIS.COM
From:    Peter Williams <P.Williams@cs.ucl.ac.uk>
To:      pem-dev@TIS.COM
cc:      Peter Williams <P.Williams@cs.ucl.ac.uk>
Date:    Tue, 07 Jul 92 12:47:34 +0100
Subject: Secure Hardware Requirements for PEM participation


Can I ask a blunt question, please?

Does one's site in current reality need to own and operate BBN
SafeKeyper hardware, or equivalent, to be part of the coming PEM
pilot?

NO.  You need hardware and software that you trust well enough to use
PEM.  That can be achieved with (a) single-user system, (b)
sufficiently well configured and operated multi-user system, or (c)
special purpose hardware such as the SafeKeyper.


Our local security group thought long and hard yesterday how to deny
our intuitive conclusion that PEM sites MUST have such a secure hardware
base to be part of the PEM pilot/service as only then would the
provisions of RFC 1114 allow the current operators to certify newcomers
and thereby maintain the assurance levels required to derive the
perceived PEM requirements for trusted identities and the consequent
PEM user security services.

The existing RFC 1114 is obsolete, and this is one of the areas that
got substantial consideration in the revision.  Read the current
internet-draft that is intended to replace RFC 1114.

We did not succeed. We tried hard to consider the whole trust/belief
solution and all its major network design issues relating assurance to
trust to naming to secure-hardware to certification to ... and after
all this, failed to reconcile both our own understanding of the design
justifications for RFC 1114, and the (perhaps incorrect) RFC 1114
implication recounted above.

Completely untrusted systems won't do, of course.  But there's a long
way between completely untrusted systems and special purpose
hardware/software systems.

So, it's really a question of "Help!" - I need reasons to believe in RFC
1114 operating in your average Internet site without trusted
certificate generator hardware. I know Steve Kent will have designed it
thus, but how?

Peter.
