>From: jueneman <jueneman%wotan(_at_)com(_dot_)gte>
>Subject: Re: Re: Soldiers, sailors, etc.
>Date: Wed, 12 Jan 94 13:09:09 EST
>In addition, regardless of whether there is a directory or not, the X.509
>certificate that is used to authenticate a digital signature has to contain
>a sufficient amount of information as to support that validation, and that
>has to be captured as of the (approximate) time the message or document
>was signed.

The design principle for MOTIS messaging and authentication protocols
wrt key distribution is that only the key is required to validate statement
X <period>. If the information has any sensitivity, then the key
distribution protocol will itself be secured and be assured.
As an object of communication, a signature does indeed have semantics;
this is carefully tied to each messaging security service - which is
why the X.400 security model is so seemingly vague and redundant.
X.400, PEM, MOSIAC-SMTP etc. do not offer messaging security services
to represent statements about the content, though a military or EDI
messaging content type may do so, independently of the messaging
support structure.

>I'm sure that you understand this requirement, for DMS is required
>to support "official" record traffic which can direct the flow of money,
>cause troops to go to war, and lots of other interesting things that
>might eventually have to be audited.

This is a requirement for auditing of the authorization decision
relating to the organizational-message release procedures, not
(explicitly) the authentication of the originator or preparer. This is
an end-system issue, not a protocol issue. However, people do disagree,
and some consider that the network might provide this service, viz the
old X.400/MSP debate. In this case, it does seem that an authorization
*reference* needs to be associated with an identity certificate which
is to cross management domains operating different privileges and
lattices. The DMS vs rest-of-NATA messaging groups are now (still!)
having to deal with this issue.