Re: Barring Bros Was:Re: SLL protocol implementation ?

daemon@ATHENA.MIT.EDU (Vince L. Reed)
Tue Feb 28 13:24:33 1995

Date: Tue, 28 Feb 1995 08:47:24 -0600
To: www-security@ns2.rutgers.edu
From: vreed@mitre.org (Vince L. Reed)
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

>Shen is a collection of ideas of how to manage trust. Given the failure of
>Barring bros yesterday, placing limits on the exercise of certificates looks to
>be very important.
>We should look to create a stock market spec ASAP. The Barrings collapse could
>have been prevented by attaching attributes to the certificate (cf PKCS certs).
>The following is extrapolating the scheme I was looking at to make e-trade
>work for an organisation like CERN.
>If people are interested I could put out a draft RFC PDQ. I'm interested
>in what people's ideas on a standard attribute set might be. If anyone has
>stock market experience then it would be a big advantage.

Phill Hallam-Baker,

You bring up some excellent points. However, these points are not new to
those of us that have been in the security business for more than ten
years. The types of attributes that you are referring to are integrity
attributes in addition to the usual confidentiality attributes. We need
more people thinking along these lines because integrity controls are
usually harder to formulate because they tend to be more unique to the
application. Since my background is in policy development and analysis, I
appreciate what you are trying to do and I encourage you to pursue the RFC.

Vince Reed (Mail Stop ALAB)
The MITRE Corp., Secure Information Technology Dept.
1500 Perimeter Pkwy., Suite 310, Huntsville, AL 35802
Phone-205.890.3323, FAX-205.830.2608

