[5184] in www-talk@info.cern.ch
Re: Minimal Authorization
daemon@ATHENA.MIT.EDU (Christian L. Mogensen)
Sun Aug 14 22:06:46 1994
Date: Mon, 15 Aug 1994 04:04:46 +0200
Errors-To: listmaster@www0.cern.ch
Errors-To: listmaster@www0.cern.ch
Reply-To: mogens@CS.Stanford.EDU
From: "Christian L. Mogensen" <mogens@CS.Stanford.EDU>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Stephen D Crocker writes:
> I hadn't seen the reference to long lived keys before. That changes
> things considerably. In addition to strong authentication mechanisms,
> there has to be quite a lot of other infrastructure to support the
> kind of airtight archival that you're suggesting.
Well - the key for over-the-wire-access and the key for access from
archival storage could conceivably be different, n'est ce pas?
A sort of archive client-server within the server...
> > From: Karl Auerbach <karl@cavebear.com>
> > What I'm thinking is whether we need authenticators or signatures or
> > whatever that last for ten, twenty, fifty... years
> > Are these real risks or am I being a raving alarmist?
Nope - this is a real problem. Most of the people dealing with these
problems (guessing) work for large corporations or three-letter
government organizations.
Christian "Www-security anyone?
