pem-dev

Re: comment on relay/MLA authentication

1994-12-28 12:38:00


   >From: Amanda Walker <amanda(_at_)intercon(_dot_)com>
   >Subject: Re: comment on relay/MLA authentication
   >Date: Tue, 27 Dec 1994 21:15:25 -0500

   >Well, I managed to come up with a possible meaning for your comment that could 
   >be accomplished in classic PEM: i.e., that a mail transfer agent could verify 
   >the certification chains of the originator and/or recipient in order to make 
   >routing policy decisions.

It is very dangerous, though. The binding between a trust path in the message and
the message origin is very weak. An attacker might substitute the original path,
having deduced that this is the criterion for your decision function, for another
which suits his/her purposes. One has to be careful.

   >
   >This is something that can be done with X.509 certificates and a PCA 
   >hierarchy, and which could be useful.  Given several recent threads, such a 
   >comment actually makes some sense...  It hadn't occurred to me that someone 
   >would post an intentional non sequitur, so I tried to assign some relevant 
   >meaning to it.

You have to assume the worst in security design (and security-related
WGs!), and know what your design baselines are, and what your claims
are. This is what is missing from the MIME/PEM document.

   >
   >This just goes to show that the semantics of a message are by their very 
   >nature subjective :).

The message *content* is largely subjective. But MIME is one architecture amongst
many which attaches labels to get a large measure of objectivity involved, so
stupid computers can act automatically.

The security services and attached signature bits in the X.400 *model*
(Model, Ned, note) are placed distinct from the content in a very
obvious manner so no one is confused. Given the actual IPS, PEM did the
same, by positioning itself as a MHS subprotocol, over which content
protocols such as MIME flow. The architecture layering however is not
changed.

Since MIME and the security sub-protocol are intermixed, and MIME also
sometimes mixes MHS and MTS functions, we get into a right semantic mix-up fast.
Without clarity of semantics, there can be no security or privacy.
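
The substitution attack described above, as an added worked example (this is not code from the original post, nor from PEM or any MTA). It models a relay that routes a message according to the PCA at the top of the originator's certification chain. One version trusts whatever chain rides along in the message; the other first checks the content signature against the chain's leaf key, so the chain it decides on is the one that actually signed the message. The certificate format, the principal names (PCA-Internal, PCA-External, alice, mallory), the routing policy and the helpers keygen, issue, validate_chain and the two route_* functions are all hypothetical, and the signature scheme is textbook RSA with 20-bit primes, for demonstration only.

```python
"""Toy model of an MTA routing on the originator's certification chain,
to show why the chain must be bound to the message it accompanies.
Crypto is textbook RSA with tiny keys: demonstration only, not secure."""
import hashlib
from math import gcd


def _is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def _next_prime(n):
    while not _is_prime(n):
        n += 1
    return n


_SEED = [0]


def keygen():
    """Toy RSA keypair from fresh ~20-bit primes (hypothetical helper)."""
    _SEED[0] += 2
    p = _next_prime(2 ** 20 + 1000 * _SEED[0])
    q = _next_prime(2 ** 20 + 1000 * (_SEED[0] + 1))
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    while gcd(e, phi) != 1:
        e += 2
    return (e, n), (pow(e, -1, phi), n)


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    d, n = priv
    return pow(_digest(data, n), d, n)


def verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == _digest(data, n)


# A certificate binds a subject name to a public key under the issuer's signature.
def _tbs(subject, pub, issuer):
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()


def issue(issuer, issuer_priv, subject, subject_pub):
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "sig": sign(issuer_priv, _tbs(subject, subject_pub, issuer))}


def validate_chain(chain, anchors):
    """chain[0] is the leaf. Returns the PCA name the chain terminates at, or None."""
    for cert, parent in zip(chain, chain[1:]):
        if cert["issuer"] != parent["subject"] or not verify(
                parent["pub"], _tbs(cert["subject"], cert["pub"], cert["issuer"]), cert["sig"]):
            return None
    root = chain[-1]
    anchor_pub = anchors.get(root["issuer"])
    if anchor_pub is None or not verify(
            anchor_pub, _tbs(root["subject"], root["pub"], root["issuer"]), root["sig"]):
        return None
    return root["issuer"]


def route_by_chain_only(msg, anchors):
    """Weak relay: the chain is valid, so the policy is applied to it as-is."""
    pca = validate_chain(msg["chain"], anchors)
    return "internal-relay" if pca == "PCA-Internal" else "external-relay"


def route_with_binding(msg, anchors):
    """Relay that requires the content signature to verify under the chain's leaf key."""
    pca = validate_chain(msg["chain"], anchors)
    if pca is None or not verify(msg["chain"][0]["pub"], msg["body"], msg["sig"]):
        return "reject"
    return "internal-relay" if pca == "PCA-Internal" else "external-relay"


def demo():
    # Constructed PKI: two PCAs, one CA under each, one user under each CA.
    pca_int_pub, pca_int_priv = keygen()
    pca_ext_pub, pca_ext_priv = keygen()
    anchors = {"PCA-Internal": pca_int_pub, "PCA-External": pca_ext_pub}
    ca_int_pub, ca_int_priv = keygen()
    ca_ext_pub, ca_ext_priv = keygen()
    ca_int = issue("PCA-Internal", pca_int_priv, "CA-Int", ca_int_pub)
    ca_ext = issue("PCA-External", pca_ext_priv, "CA-Ext", ca_ext_pub)
    alice_pub, alice_priv = keygen()
    mallory_pub, _mallory_priv = keygen()
    alice = issue("CA-Ext", ca_ext_priv, "alice", alice_pub)
    mallory = issue("CA-Int", ca_int_priv, "mallory", mallory_pub)

    body = b"Subject: expense report\n\nPlease approve."  # constructed message
    original = {"body": body, "sig": sign(alice_priv, body), "chain": [alice, ca_ext]}
    # The attacker swaps the path for a valid one under the PCA the policy
    # favours; body and Alice's signature are left untouched.
    tampered = dict(original, chain=[mallory, ca_int])
    return {
        "weak_original": route_by_chain_only(original, anchors),
        "weak_tampered": route_by_chain_only(tampered, anchors),
        "bound_original": route_with_binding(original, anchors),
        "bound_tampered": route_with_binding(tampered, anchors),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Both chains validate, so the chain-only relay routes the tampered message to the internal relay; the binding relay rejects it because Alice's signature does not verify under Mallory's leaf key. Note that binding does not stop Mallory from signing her own message with her own chain, which is the correct outcome: the policy is then applied to the principal who really originated the message.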

