FYI.
------- Forwarded Message
Message-ID: <9210122014(_dot_)AA23006(_at_)TIS(_dot_)COM>
From: Peter Williams
<P(_dot_)Williams(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk>
To: osisec-beta(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk
Date: Mon, 12 Oct 92 20:50:51 +0100
Subject: Perhaps OSI security is not possible in a liberal community!
A DISCUSSION POINT:
There is a heated debate in the our security design group regarding the
belief that all key distribution for the Open Systems world MUST
"be based on hierarchical distribution and naming of personal
credentials".
ONLY...
...this way can one obtain easy to manage wide-area naming policies,
minimal complexity in key verification, and otherwise general confidence or
other forms of trust in credentials presented in the course of
authentication.
Now the IETF PEM group had a good discussion on this topic a year ago,
and convinced many that this general strategy was right for coming
Internet mail services.
Now there are some real experts in that group who, unlike me, know what
they are talking about! And they say, in the I-D known as RFC 1114e,
and later versions:
"The proposed architecture imposes conventions for the
certification hierarchy which are not strictly required by the
X.509 recommendations, nor by the technology itself. These
conventions are motivated by...<good reasons"
Now its the phrase "nor by the technology itself" which impresses me.
This means the author(s) accept(s) that other conventions could have
application, and still be a respected use of the X.509 psuedo-standard
(which all security experts seem to really love to hate).
Now, what are these ways? Does anyone know?
I want to test out the thesis that PEM rules (which I support for
PEM-mail) really do serve as a GENERAL-purpose infrastructure which
"may, in principle, be used to support X.400 ... and
X.500..."[RFC1114e/3.1]
I have just had the salutory and unpleasant experience whereby an OSI
user service of allowing the authentication of the serving party in a
communication was eliminated from a pilot, being deemed a service of
little real need by our resident security expert, on the real basis that
the above naming rules makes it impossible to operate such a service in
the context of our real world pilot.
Okay, the comment and opinion is perfectly repectable, but I really do
worry that the implications of the above PEM assertion have really not
been thought through, or alternatively, that there is a fundamental
architectural flaw in the current OSI security architectures as
epxressed through X.400/X.500/X.700 etc.
Now I could go on, and on. But my real point is this:
Do any of you security folk ALREADY know that these rules ARE infact
immutable; or should we continue research in the area?
My dilemma is that currently I am eliminating more potential security services,
in practice, than I am preparing to offer!
------- End of Forwarded Message