Re: Adding security considerations text to draft-ietf-kitten-gssapi-domain-based-names
Tom Yu <tlyu@MIT.EDU> Thu, 04 January 2007 01:46 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H2HgC-0003WR-Qv; Wed, 03 Jan 2007 20:46:04 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H2HgB-0003WE-Ib for kitten@ietf.org; Wed, 03 Jan 2007 20:46:03 -0500
Received: from biscayne-one-station.mit.edu ([18.7.7.80]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H2HgA-0001m0-9L for kitten@ietf.org; Wed, 03 Jan 2007 20:46:03 -0500
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id l041k1km009181; Wed, 3 Jan 2007 20:46:01 -0500 (EST)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id l041k0bi028769 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 3 Jan 2007 20:46:00 -0500 (EST)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id l041k0Lu010701; Wed, 3 Jan 2007 20:46:00 -0500 (EST)
To: Sam Hartman <hartmans-ietf@mit.edu>
References: <tsltzz7gabj.fsf@cz.mit.edu>
From: Tom Yu <tlyu@MIT.EDU>
Date: Wed, 03 Jan 2007 20:46:00 -0500
In-Reply-To: <tsltzz7gabj.fsf@cz.mit.edu> (Sam Hartman's message of "Wed, 03 Jan 2007 14:49:20 -0500")
Message-ID: <ldvd55vd0o7.fsf@cathode-dark-space.mit.edu>
Lines: 37
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Scanned-By: MIMEDefang 2.42
X-Spam-Flag: NO
X-Spam-Score: 0.00
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f
Cc: kitten@ietf.org
Subject: Re: Adding security considerations text to draft-ietf-kitten-gssapi-domain-based-names
X-BeenThere: kitten@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/kitten>
List-Post: <mailto:kitten@lists.ietf.org>
List-Help: <mailto:kitten-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@lists.ietf.org?subject=subscribe>
Errors-To: kitten-bounces@lists.ietf.org
An alternative which I prefer is the following: "With all service names, the mere existence of service name conveys meaningful information that may be used by initiators for making authorization decisions. Domain-based service names make stronger authorization assertions than do simple host-based service names; therefore, administrators of distributed authentication services should be aware of the significance of the service names for which they create acceptor credentials." I think it makes somewhat more clear that there is a qualitative change in the responsibilities of the administrators of the authentication infrastructure when domain-based service names become deployed. Quoting some prior private discussion: >>>>> "Sam" == Sam Hartman <hartmans-ietf@MIT.EDU> writes: Sam> Today MIT is very happy to hand out host, rvdsrv (don't ask), Sam> daemon , discuss and a few other principals to anyone who can Sam> demonstrate that they run a host. The assumption is that having Sam> such a principal doesn't say anything about the overall mit.edu Sam> namespace; it is simply a service running on that host. Sam> The first time you introduce a service whose clients expect the Sam> service to be domain-wide, you need to make a new decision when Sam> handing out a a key: is this principal allowed to speak for the Sam> entire namespace. It may be the case that ldap in current client Sam> implementations actually already works this way even without the Sam> domain based names draft. But host and a number of other Sam> services definitely do not. The first time you add a domain Sam> based service, you take on a new responsibility in namespace Sam> management. Previously you needed to ask whether you were giving Sam> a key to the person responsible for the machine on which it runs. Sam> You still need to ask that, but you also need to ask whether that Sam> machine is allowed to represent the entire domain. _______________________________________________ Kitten mailing list Kitten@lists.ietf.org https://www1.ietf.org/mailman/listinfo/kitten