pem-dev

Re: Re: Soldiers, sailors, etc.

1994-01-12 15:38:00
Peter,

The design principle for MOTIS messaging and authentication protocols
wrt key distribution is that only the key is required to validate statement
X <period>.  If the information has any sensitivity, then the key
distribution protocol will itself be secured and be assured.

What is MOTIS?  I don't recognize the name. I may therefore be taking 
something completely out of context, but I don't understand how a key
alone can validate a statement, unless perhaps the key has embedded 
within it some identification as to whose key it was, when the statement was
signed and in what context, etc.

We have done a lot of work in PEM and elsewhere over the last five years,
but (as a result of an increased level of understanding of the problem), I
think that we are further away from having a true solution for nonrepudiation
than we thought we were five years ago.

Does "validate" equal "nonrepudiation" in your mind? Or are we talking at 
cross purposes?


This is a requirement for auditing of the authorization decision
relating to the organizational-message release procedures, not
(explicitly) the authentication of the originator or preparer. This is
an end-system issue, not a protocol issue. However, people do disagree,
and some consider that the network might provide this service, viz the
old X.400/MSP debate. In this case, it does seem that an authorization
*reference* needs to be associated with an identity certificate which
is to cross management domains operating different privileges and
lattices. The DMS vs rest-of-NATO messaging groups are now (still!)
having to deal with this issue.

A few years ago, when I turned 50, I resolved that I wasn't going to work
on projects that might not come to fruition before I retired. NATO may very 
well disappear before all those other problems are solved. Can you imagine
the problems of integrating DMS with the Ukraines and the Russians when
they join NATO?!  Absorbing Stasi into Germany was bad enough.

"AUTODIN will live forever."  Jeanne Dixon, 1994 Predictions and
Horoscope for the Stars. :-)

Bob
