Re: WWW Security and Standards Efforts

• To: rosenthl@mcc.com (Doug Rosenthal)
• Subject: Re: WWW Security and Standards Efforts
• From: hallam@dxal18.cern.ch
• Date: Fri, 05 Aug 94 12:18:54 +0200
• Cc: hallam@dxal18.cern.ch, www-security@ns1.rutgers.edu
• In-Reply-To: Your message of "Thu, 04 Aug 94 09:44:51 CDT." <9408041444.AA04204@krypton.mcc.com>

>Some additional comments.  I think there will be a need for digital
>signatures both for the service *and* the end-user, depending on the
>type of service being offered.  While smartcards are promising, there
>are economic and integration issues to be dealt with before they can
>be widely used.  Finally, you touched on the human element in the
>world of computer/network security.  This is often overlooked, but a
>very real factor that needs consideration (e.g. security awareness,
>training, etc.).

Two way authentication is one of the major design considerations in Shen.

Unless the user is assured that the service they are using is genuine
it is easy enough to bypass an authentication system through middle man
attack or marquerade. "This is AMEX, please send your account number for
identification...".

There is much more than one security scenario that must be considered. 
Most people are talking about E-Comm (Electronic Commerce). Even here
the E-Shop people and the E-Mag people have very different needs.

The sort of security scenario I am interested in is to facilitate workers
>From home. Actually I see the market as being much wider :-

1) The travelling saleseman touching base through customers networks.
	
2) The parent looking after small children, probably working from home
	4 days a week with one in the office.

3) Applying remote expertise:-
	a) Engineer on call to secure installation.
	b) Remote system management.

4) The remote secretary

5) Data mining operations

6) Stock market trading.


Of course here again work is primarily a social activity and no a for profit
activity. If we were to rationalise the ecconomy of the West we could
probably sack three quarters of the workforce without seeing anyone
starve or have no shelter. There are many service industries that are 
non essential. Computer people have known for years that they go to work
for fun and not just for the money. We have to make people realise that
the idea "work" is a very complex thing.

To get home working to "work" USEnet and email for personal and social use
are absolute necessities, not luxuries.


Phill H-B

• WWW Security and Standards Efforts
• From: rosenthl@mcc.com (Doug Rosenthal)

• Previous: Re: Kerberos authentication for X-Mosaic 2.4 and NCSA HTTPD
• Next: Requirements for Secure Document Transfer Protocols
• Index(es):
  • Index
  • Thread