pem-dev

Re: New Version of TechMail-PEM available

1993-12-07 14:20:00

Word of caution:

The "tuning knob" is a great tool for flexibility.  However, are you
going to implement it on a message-by-message basis?  It is likely
that I would like to decide the "finicky"-ness of each message
independently.

But, if I had to be conscious enough to turn the knob for every message
I get, I might as well read all the messages displayed by the
signature verification software and determine if I accept that
message.  This may be a problem for ordinary users.

Certainly I want my software to display the message even if the
signature is invalid.  Maybe I want to laugh at what the intruder has
written (thinking that I will believe it)!  i.e. the software that has
the tuning knob at a very tight position is not good.

_______________________________________________________________________
Alireza Bahreman                          E-Mail: bahreman(_at_)bellcore(_dot_)com
Bellcore, Room RRC-1K221                  Phone : +1 908 699 7398
444 Hoes Lane, Piscataway, NJ 08854       Fax   : +1 908 336 2943


You write:

This has led me to believe that we need a tuning knob on the PEM verification
rules. In this fashion we can give the end users control over how finicky they
wish to be. Levels of the (digital) knob might be:

1) All certificates and CRLs are required.
2) CRLs are required but may be obsolete.
3) No CRLs are required.
3a) CRL required from first level CA but not from higher levels in
    hierarchy.
4) CA certificates can be obsolete (and PCAs as well)
5) User certificates can be obsolete
6) Anything is ok (PEM becomes a no-op) or a printf("All OK");


Jeff  - 

I like this idea. In fact, I like it a lot. In trying to get PEM as 
widely accepted as possible, I think some leeway should be given for 
users with differing privacy/security requirements. Plus, as mail-based 
applications begin to transition into PEM-based applications, this would 
appear to be a useful functionality.

This idea seems to be a compromise between users who need to be absolutely 
sure of the identity of the message (i.e. a message from a boss to an 
employee telling them to do something), and users who are less concerned 
with a CRL's current validity (i.e. two employees who sit down the hall 
from each other carrying on a private conversation about a new product). 

- Anish

-----------------------------------------------------------------------
Anish Bhimani                                  
anish(_at_)ctt(_dot_)bellcore(_dot_)com        
Enterprise Network Integrity                   (908) 699-5571 (phone)
Bellcore                                       (908) 336-2732 (fax)
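
The knob levels listed in this thread, combined with the point that a message should be displayed even when verification fails, can be sketched as follows. This is an added example, not code from TechMail-PEM or from any poster; the `Finding` names, the cumulative reading of the levels, the placement of 3a between 2 and 3, and the default level are all assumptions.

```python
from enum import Enum, auto

class Finding(Enum):                 # hypothetical names for verification problems
    CRL_STALE = auto()               # CRL present but obsolete
    CRL_MISSING_UPPER = auto()       # no CRL from a CA above the first level
    CRL_MISSING_FIRST_CA = auto()    # no CRL from the first-level CA
    CA_CERT_OBSOLETE = auto()        # CA or PCA certificate obsolete
    USER_CERT_OBSOLETE = auto()
    SIGNATURE_INVALID = auto()

F = Finding
# Assumption: each looser level also tolerates what the stricter ones tolerate.
TOLERATED = {
    "1": set(),
    "2": {F.CRL_STALE},
    "3a": {F.CRL_STALE, F.CRL_MISSING_UPPER},
    "3": {F.CRL_STALE, F.CRL_MISSING_UPPER, F.CRL_MISSING_FIRST_CA},
}
TOLERATED["4"] = TOLERATED["3"] | {F.CA_CERT_OBSOLETE}
TOLERATED["5"] = TOLERATED["4"] | {F.USER_CERT_OBSOLETE}
TOLERATED["6"] = set(Finding)        # "anything is ok": verification is a no-op

DEFAULT_LEVEL = "2"                  # assumed site default, set once by the user

def evaluate(findings, level=DEFAULT_LEVEL):
    """Return (accepted, blocking, waived) for one message at one knob level."""
    found = set(findings)
    by_order = lambda f: f.value
    blocking = sorted(found - TOLERATED[level], key=by_order)
    waived = sorted(found & TOLERATED[level], key=by_order)
    return (not blocking, blocking, waived)

def render(body, findings, level=DEFAULT_LEVEL):
    """Always return the body; the verdict is a banner, never a reason to hide it."""
    accepted, blocking, waived = evaluate(findings, level)
    names = lambda fs: ", ".join(f.name for f in fs) or "none"
    verdict = "VERIFIED" if accepted else "NOT VERIFIED"
    banner = "[%s at level %s; failed: %s; waived: %s]" % (
        verdict, level, names(blocking), names(waived))
    return banner + "\n" + body

if __name__ == "__main__":
    # Constructed sample: stale CRL plus a missing upper-level CRL.
    sample = [F.CRL_STALE, F.CRL_MISSING_UPPER]
    print(render("Meet at 3pm.", sample))               # default level
    print(render("Meet at 3pm.", sample, level="3a"))   # per-message override
```

The level is an optional per-message argument with a stored default, so the reader only has to turn the knob when a particular message warrants it, and the banner lists what was waived so a loose setting never hides a problem.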

