Annotation of 43BSDReno/contrib/isode-beta/others/X/ideas/mroe.idea, revision 1.1

(Message inbox:23)
To: Steve Kille <[email protected]>
cc: Mike Roe <[email protected]>, Jon Crowcroft <[email protected]>
Subject: Re: Moron X Window protocol on ISODE TS
In-reply-to: Steve Kille's message of Tue, 17 Oct 89 08:15:08 +0100.
             <[email protected]>
Date: Tue, 17 Oct 89 12:41:13 +0100
From: Mike Roe <[email protected]>


> Forget transport layer authentication.  If you want to add in authentication,
> do it where it fits "properly".    I think that the aim is a simple
> and reasonably efficient mapping of X.  For this, cutting at the
> transport layer makes a lot of sense.  But don't try hacking in bells
> and whistles.

Firstly, I agree "X over TS" is an orthogonal issue to authentication, and
should be tackled separately.

However, I'm now going to fall for it and ask "What's wrong with transport
level authentication?".

Here, you have a stream of data between a sender and a receiver. (Ok, so the
stream consists of X protocol datagrams). All you want to do is convince the
receiver that everything came from the sender --- there is no need for
non-repudiation etc.

Clearly, you want to insert a checksum into the stream every so often, at
least once per (application) datagram. Note that this ought to be a
simple hash (e.g. DES in CBC mode). Sending a full authenticator (Certification
path + RSA encrypted token) each time is unacceptably wasteful.

Claim: The end of a TSDU or SSDU is as good a place as any to put the checksum.

I can see some of the arguments against it :

1. (Pragmatic) As I said before, no agreed way to set up the key.

2. (Religious) It's the layer 7 entity you want to authenticate, not the T-layer.
   The T-layer should not have to know about application layer information.

3. The only time the Rx needs to look at the checksum is at the end of a
   datagram, so it should be sent only at the end of a datagram.
   From the standpoint of the 7 layer model, only application/presentation can
   do this.
   From the standpoint of the actual protocols, session can also do this,
   as a P-DATA.REQUEST maps directly onto an S-DATA.REQUEST.

Religious argument for it :

  The application layer doesn't know about the concrete encoding --- so it
  can't calculate a checksum.

  While we're on this, the X.509 "SIGNED" and "ENCRYPTED" macros are somewhat
  broken : They prevent you from negotiating a different transfer syntax!

THESIS: Only the lower layers know which encoding to sign.
ANTITHESIS: Only application layer knows which key to use.
SYNTHESIS: Sometimes the seven layer model creates imaginary problems.

Mike
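
The scheme the message sketches, as an added example that is not part of Mike Roe's message or of ISODE: a sender that appends one keyed checksum at the end of each application datagram, and a receiver that reassembles datagrams from arbitrary transport fragments and verifies a tag only at datagram boundaries (the message's point 3). The message proposes DES in CBC mode as the keyed hash; Python's standard library has no DES, so a truncated HMAC-SHA256 stands in for it here. The framing (length, sequence number, data, tag), the 16-byte tag, the sequence number and the constructed key and X-style request bytes are all this example's own assumptions; the key is simply assumed to be shared already, which the message lists as the unsolved pragmatic problem.

```python
# Added example: per-datagram keyed checksum over a byte stream.
# Not code from the original message or from ISODE. HMAC-SHA256 stands in
# for the DES-CBC hash proposed in the message; the framing, tag length,
# sequence number, key and sample datagrams are assumptions of this example.
import hashlib
import hmac
import struct

HDR = struct.Struct("!IQ")   # 4-byte datagram length, 8-byte sequence number
TAG_LEN = 16                 # truncated tag length in bytes (assumption)


class AuthError(Exception):
    """Raised when a datagram fails its checksum or arrives out of sequence."""


class AuthSender:
    """Puts one checksum on the stream at the end of each application datagram."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0

    def send(self, datagram: bytes) -> bytes:
        # Header is covered by the tag so the length and sequence number are
        # authenticated too, not only the datagram payload.
        hdr = HDR.pack(len(datagram), self.seq)
        tag = hmac.new(self.key, hdr + datagram, hashlib.sha256).digest()[:TAG_LEN]
        self.seq += 1
        return hdr + datagram + tag


class AuthReceiver:
    """Reassembles datagrams from arbitrary stream fragments, checks each tag."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.seq = 0
        self.buf = b""

    def feed(self, chunk: bytes) -> list:
        """Consume a stream fragment; return the complete, verified datagrams."""
        self.buf += chunk
        out = []
        while len(self.buf) >= HDR.size:
            length, seq = HDR.unpack_from(self.buf)
            total = HDR.size + length + TAG_LEN
            if len(self.buf) < total:
                break                      # checksum only checked at datagram end
            hdr = self.buf[:HDR.size]
            body = self.buf[HDR.size:HDR.size + length]
            tag = self.buf[HDR.size + length:total]
            expected = hmac.new(self.key, hdr + body, hashlib.sha256).digest()[:TAG_LEN]
            if not hmac.compare_digest(tag, expected):
                raise AuthError("checksum mismatch on datagram %d" % seq)
            if seq != self.seq:
                raise AuthError("expected sequence %d, got %d" % (self.seq, seq))
            self.seq += 1
            self.buf = self.buf[total:]
            out.append(body)
        return out


def run_demo() -> dict:
    """Send three constructed X-style requests, then show tampering and replay are caught."""
    key = b"constructed-shared-key"       # assumed to be agreed out of band
    msgs = [b"CreateWindow ...", b"MapWindow", b"PolyLine xyxy"]
    tx = AuthSender(key)
    frames = [tx.send(m) for m in msgs]
    stream = b"".join(frames)

    # Deliver in 7-byte fragments: the receiver verifies only at datagram ends.
    rx = AuthReceiver(key)
    got = []
    for i in range(0, len(stream), 7):
        got.extend(rx.feed(stream[i:i + 7]))

    # Flip one payload byte inside the second datagram.
    tampered = bytearray(stream)
    tampered[len(frames[0]) + HDR.size] ^= 0x01
    try:
        AuthReceiver(key).feed(bytes(tampered))
        tamper_detected = False
    except AuthError:
        tamper_detected = True

    # Replay the first datagram: its tag is valid, its sequence number is not.
    rx2 = AuthReceiver(key)
    rx2.feed(frames[0])
    try:
        rx2.feed(frames[0])
        replay_detected = False
    except AuthError:
        replay_detected = True

    return {"datagrams": got, "tamper_detected": tamper_detected,
            "replay_detected": replay_detected,
            "overhead_per_datagram": HDR.size + TAG_LEN}
```

The per-datagram cost is the header plus a 16-byte tag, against the certification path and RSA token the message calls unacceptably wasteful. Two details worth keeping if DES-CBC is substituted back in: the length is inside the authenticated header because a raw CBC-MAC over variable-length messages can be forged by concatenation, and the sequence number is what turns "this came from the sender" into "this came from the sender, once, in this order"; a bare checksum at the end of each SDU would accept a replayed datagram.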
