Re: [cicm] CICM Channels and GSS (was Re: IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM))

Nico Williams <nico@cryptonector.com> Fri, 24 June 2011 19:21 UTC

In-Reply-To: <F9AB58FA72BAE7449E7723791F6993ED062CD280BC@IMCMBX3.MITRE.ORG>
References: <BANLkTikstTXmqyiuWtZCFwe1JSwKAX2_-A@mail.gmail.com> <F9AB58FA72BAE7449E7723791F6993ED062CD280BC@IMCMBX3.MITRE.ORG>
Date: Fri, 24 Jun 2011 14:21:42 -0500
Message-ID: <BANLkTinWsydK1RLB51JT5X0KxttY3OmB+A@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: "Novikov, Lev" <lnovikov@mitre.org>
Cc: Crypto discussion list <cryptography@randombit.net>, "CICM Discussion List (cicm@ietf.org)" <cicm@ietf.org>
Subject: Re: [cicm] CICM Channels and GSS (was Re: IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM))

On Fri, Jun 24, 2011 at 2:08 PM, Novikov, Lev <lnovikov@mitre.org> wrote:
> Clearly, I need to make a better effort at being educated about GSS-API.
> I'll be in touch with the KITTEN folks, per your suggestion.
>
> In brief, you'd like to know CICM can't use GSS-API and:
>  * use existing secure channel technologies,
>  * enforce privilege separation in a single channel,
>  * bind multiple authentications into a single channel,
>  * or extend GSS-API to meet (other) high assurance needs?
>
> Am I missing anything?

That's about it, assuming the previous context.  Basically, I would
like strong justification for re-inventing wheels we already have.
Sometimes we have to invent new wheels that are similar to, yet
sufficiently distinguished from, other wheels -- it's good to know
what the justifying distinctions are.

Thanks!

Nico
--