Re: what are realistic threats?

• To: zurko@osf.org (Mary Ellen Zurko), www-security@ns1.rutgers.edu
• Subject: Re: what are realistic threats?
• From: hallam@dxal18.cern.ch
• Date: Tue, 27 Sep 94 17:53:07 +0100
• Cc: hallam@dxal18.cern.ch
• In-Reply-To: Your message of "Tue, 27 Sep 94 09:13:45 EDT." <9409271313.AA00607@link.osf.org>
• Reply-To: hallam@dxal18.cern.ch

>There's a couple ways to attack the threat question. The classic
>security-centric way is to look at just the technology,
>uncontextualized, then to lop off the difficult parts of the problem
>you just don't feel you can solve (government agencies or similarly
>funded and experienced organizations, denial of service, and traffic
>analysis often fall into this category).

This is the main trap it is basically looking at the solutions and
seeing what problems they solve rather than starting with the problem.
Its very easy to end up with pointless `security' measures which arn't
and loopholes being classed as `not significant'. Prime example of this
type is the UNIX `security' guide a document which should carry a warning
notice that the information contained is dangerous to system security. 
People still read that document and believe that publicly readable password
files are safer than protected ones, even after various attacks have been
demonstrated on a world readable password file (crack etc).


On the issue of signed documents rather than signed communication I will be
releasing a paper on that point just as soon as it has been proof read.
I think we need a certificate mechanism, not just for key exchange, a
signed certificate can certify anything. A contract for example, or a
software distribution kit.

Something I consider to be a problem in PEM is that the certificates are
opaque. Unless you have extra software you can't know what a PEM key
certificate is about. I want certificates that are stand alone documents, 
they could be attached to a document to create a message but would not be
a part of the document.

There are many documents such a specifications which need to be authenticated
but are still public documents, the Whitehouse press releases being one 
example, RFCs being another. I don't think that some of the E-commerce
schemes scale to the organisational level, there has to be a non message
based authentication system as well, not least for filing receipts etc.


	Phill H-B

• re: what are realistic threats?
• From: zurko@osf.org (Mary Ellen Zurko)

• Previous: re: what are realistic threats?
• Next: re: what are realistic threats?
• Index(es):
  • Index
  • Thread