[32] in WWW Security List Archive
Re: GSS API...
daemon@ATHENA.MIT.EDU (Roger Masse's the named)
Tue Aug 16 20:03:12 1994
To: Jeff Hostetler <jeff@spyglass.com>
cc: www-security@ns1.rutgers.edu
In-reply-to: Your message of "Tue, 16 Aug 94 15:18:33 MDT."
<9408162018.AA24565@fido.spyglass.com>
Date: Tue, 16 Aug 94 16:40:05 -0400
From: "Roger Masse's the named" <rmasse@CNRI.Reston.VA.US>
>> I wrote:
>> I assume the server sends an encrypted copy of the requested
>> document to the client to avoid unauthorized access to the
>> document via a sniffing attack?
>Jeff Hostetler writes:
>I'm not sure I understand what you mean here.
>In the example, I'm assuming that the document is public-with-copyright
>(as opposed to a document protected under a need-to-know policy) and
>that the user is entitled to know of the document's existence and upon
>payment (or proper kerberos-like authorization) entitled to a clear-text
>copy of it.
Transmitted in clear text from Service Provider to client? Won't
Service Providers be wary of the clear text packets being sniffed
by non-token-holding entities?
>Even if we timestamp or in some other manner uniquely mark
>each paid-for copy of the document (to facilitate an after-the-fact
You speak of watermarks, which may be the answer, short of standardizing
on some hardware/decryption/printer device, which would probably
not gain wide-spread acceptance.
>trace/audit), the user could still just edit the document and
>rip it out.
What if we output the document at a bitmap instead of ascii or
unicode? Can we make the 'just edit' process difficult enough
to keep service providers convinced it's at least as good as
hardcopy?
Regards,
Roger E. Masse, Systems Engineer
Corporation for National Research Initiatives
1895 Preston White Drive, Suite 100
Reston, Virginia, USA 22091
Internet: rmasse@CNRI.Reston.VA.US
