pem-dev

bounced msg

1993-09-27 13:28:00

   ----- Unsent message follows -----
Received: by us3rmc.bb.dec.com; id AA19902; Thu, 16 Sep 93 09:51:23 -0700
Received: by inet-gw-1.pa.dec.com; id AA13728; Thu, 16 Sep 93 09:51:15 -0700
Received: from magellan.tis.com by magellan.TIS.COM id aa23558;
          16 Sep 93 12:10 EDT
Received: from tis.com by magellan.TIS.COM id aa23218; 16 Sep 93 11:18 EDT
Received: from azalea.tis.com by TIS.COM (4.1/SUN-5.64)
        id AA05949; Thu, 16 Sep 93 11:18:42 EDT
Received: by azalea.tis.com; id AA01740; Thu, 16 Sep 93 11:17:23 EDT
Received: from itd.nrl.navy.mil/128.60.2.2 via smap
Received: by itd.nrl.navy.mil (4.1/SMI-4.1)
        id AA01563; Thu, 16 Sep 93 11:17:49 EDT
Date: Thu, 16 Sep 93 11:17:49 EDT
From: Ran Atkinson <atkinson(_at_)itd(_dot_)nrl(_dot_)navy(_dot_)mil>
Message-Id: <9309161517(_dot_)AA01563(_at_)itd(_dot_)nrl(_dot_)navy(_dot_)mil>
To: shirey(_at_)smiley(_dot_)mitre(_dot_)org
Subject: Re: Use of DNS to distribute keys
Cc: ipsec(_at_)ans(_dot_)net, namedroppers(_at_)nic(_dot_)ddn(_dot_)mil, pem-dev(_at_)tis(_dot_)com


Rob,

  Before you choke on your morning coffee, the quote you cite is NOT from
me.  I want to use Key Certificates rather than raw keys and I see a number
of infrastructure/deployment problems with building trust mechanisms into
each and every DNS server.  From my very first note *I* have been talking
about key certificates.  I believe the quote you cite is from Ohta-san.

  Rest confident that I am VERY worried about assurance in information
systems.  I work in the Center for High Assurance Computing Systems at
NRL and we at NRL are basically sceptics about anything less than B3 kinds
of assurance in trusted systems.  Our running comment when vendors visit
us is "it might be trusted but is it really TRUSTWORTHY?".

  I have pondered the deployment of authentication into an internet
in some previous research.  I do see the approach Ohta-san advocates as
one that is interesting.  Based on my research and some experimentation,
I have concluded that key certificates are the only way to get reasonable
kinds of assurance and to make widespread deployment practical.

  In particular, I would like to try to reuse the key certificate
infrastructure being developed and deployed for PEM if at all possible.

Ran
atkinson(_at_)itd(_dot_)nrl(_dot_)navy(_dot_)mil

------- End of Forwarded Message

