Re: Kerberos, standards, servers, PKE, etc...
daemon@ATHENA.MIT.EDU (James M Galvin)
Wed Dec 20 10:48:11 1989
Reply-To: James M Galvin <galvin@TIS.COM>
To: Denis.Russell%newcastle.ac.uk@NSFNET-RELAY.AC.UK
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Your message of Wed, 20 Dec 89 11:58:45 GMT.
From: James M Galvin <galvin@TIS.COM>
2) Public keys and "signatures".
The use of signatures depends even more than communication
and printed directories on the long term integrity of the
keys. Any "signature" is valid only as long as the key
has not been compromised.
You need to be careful to separate technical issues from business/application
issues. In particular, if you extend the paradigm stated in The OSI
Directory, "authentication is only valid at the time it occurs", then a
signature is only valid at the time it is signed.
Your concern about non-repudiation is real, and your solution is typical,
but it is not a technical problem inasmuch as digital signatures are not
exactly the same as written signatures.
5) RSA is patented in the USA (except for the Government and
MIT?).
In any case, the adoption of anything as
an international standard normally requires that it not be
proprietary. Recently I have witnessed a heated argument
between a representative of RSA Inc and the co-chairman of
an IEEE committee on this very point (i.e. if THEY can't
agree, I think this list would only be wasting its time
discussing this point - just let's note it).
Please note, RSA has not been adopted as an international standard. The
Annex comprising its specification is not an integral part of the standard.
I understand this is a minor point, practically speaking, but an important
one nonetheless.
Further, the Directory Services SIG of the OSI Implementor's Workshop
has identified an alternative digital signature algorithm and has created
agreements explaining how to use it, for just the reasons you cite. Thus,
they are not mandating any particular algorithm and they are going to
great pains to be sure there is an option, given the constraints to
non-government, US organizations.
Jim
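The distinction drawn above between the technical question (does the signature check mathematically?) and the application question (was the key still trustworthy when the signature was made?) can be seen in a few lines of code. The following is an added example, not code from the message or from any Kerberos or OSI project. It uses textbook RSA with tiny constructed primes purely for illustration, and the key record, its `compromised_at` field, the message text and the timestamps are all constructed assumptions.

```python
"""Added example: a signature that checks mathematically is not
the same thing as a signature an application should accept.
Toy textbook RSA with constructed tiny primes; illustration only."""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed toy RSA parameters: p=61, q=53 -> n=3233, phi(n)=3120.
P, Q = 61, 53
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, 2753


@dataclass
class KeyRecord:
    """Hypothetical public-key record kept by the verifying application.
    compromised_at: time (epoch seconds) at which the key became known to
    be compromised, or None if it never was."""
    key_id: str
    n: int
    e: int
    compromised_at: Optional[int] = None


def digest(msg: bytes, n: int) -> int:
    # Reduce a SHA-256 digest into the toy modulus range so the math works.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, d: int, n: int) -> int:
    # Whoever holds d can produce this, including an attacker after compromise.
    return pow(digest(msg, n), d, n)


def math_verifies(msg: bytes, sig: int, key: KeyRecord) -> bool:
    # The purely technical check: the signature opens to the message digest.
    # It succeeds forever, regardless of what later happened to the key.
    return pow(sig, key.e, key.n) == digest(msg, key.n)


def signature_valid(msg: bytes, sig: int, key: KeyRecord,
                    signed_at: int) -> Tuple[bool, str]:
    """Technical check plus application policy: the signature is accepted
    only if it was made before the key is known to have been compromised.
    signed_at is assumed to come from a trusted source (e.g. a timestamp
    the application already relies on), not from the signer alone."""
    if not math_verifies(msg, sig, key):
        return False, "cryptographic check failed"
    if key.compromised_at is not None and signed_at >= key.compromised_at:
        return False, "key compromised before signing time"
    return True, "valid"


def demo() -> Tuple[Tuple[bool, str], Tuple[bool, str]]:
    """Same key, same bytes, same cryptographic result; only the time
    relative to the compromise changes the application's answer."""
    key = KeyRecord("toy-key", N, E, compromised_at=1_000)
    msg = b"transfer 100 units"          # constructed sample message
    sig = sign(msg, D, N)
    before = signature_valid(msg, sig, key, signed_at=500)    # (True, "valid")
    after = signature_valid(msg, sig, key, signed_at=1_500)   # (False, ...)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The point the code makes is that `math_verifies` returns the same answer at every point in time, so any notion of a signature being "valid only at the time it is signed" has to live in the policy layer (`signature_valid`), which needs a key-status record and a trustworthy signing time the signer cannot choose freely.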