[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Design proposal: crypto-capable generic interface
>Date: Sat, 18 Nov 1995 00:42:21 -0800 (PST)
>From: Raph Levien <[email protected]>
> First, a few words about what I consider to be good interface that
>can support plug-in crypto.
[...]
> I propose that the new interface lives as a sort of daemon, rather
>than a static collection of command line script pieces.
Danger, Will Robinson! (see below)
[...]
> Once the negotation has been established, the application can send
>the daemon MIME objects that the app does not understand but the
>daemon does (for example, an image/fractal). The daemon can return a
>MIME object that the app does understand (for example, an image/ppm).
This part sounds good...a sort of master translation service.
> Alternatively, the daemon may request an authentication. This is
>useful when resolving external bodies that require authentication,
>including non-anonymous FTP, and standard authenticated HTTP. In this
>case, the daemon sends a message to the app requesting the
>authentication. It specifies whether it needs both username and
>password, or just password. In the latter case, it hands a username to
>the application.
> The application can then query the user for the authentication
>data. It hands this back to the daemon. In reply, the daemon indicates
>success or failure. In case of success, it hands the object back to
>the app.
Now I get worried. This communication with the demon is via some IPC --
maybe even via a LAN. Some things can't be distributed safely and
authentication is #2 on my list.
> Encryption is a bit more tricky, but in essence you just hang a
>premail-alike off this kind of protocol. The hard part is specifying
>the key, but you just call it a "parameter" and put in hooks for the
>daemon to ask for whatever parameters it needs.
Crypto keys are #1 on my list of things you can't distribute (unless they
are wrapped, of course).
> This requires that
>keys have some nonforgeable names, which is unfortunately not a
>feature of PGP 2.6.2. S/MIME will do it just fine, if you buy into the
>Certifcation Authority (<wink> at Nick Szabo).
Public keys, if that's what you're talking about, have perfectly good
nonforgeable names -- themselves. They are unique. They are the proper
name which can collect all the attributes of that key which are of interest
(e.g., permission to spend $, name of a human who knows the private key,
attributes about that human, etc.).
> One final aside: I've been fairly frustrated with this mailing list
>as a forum for talking about real design proposals and implementation
>issues. Ignorant posts by the likes of Dr. Fred and Alice d'Clueless
>tend to attract far more attention than real crypto work. I want a
>forum for, and just for, cypherpunks who write code. If I had just a
>smidgen more free time (as if), I'd be trying to start one
>myself. Anyone else?
I've seen this happen several times. As a list gets popular, it
diversifies. You might try sci.crypt.research -- since it's moderated.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison [email protected] http://www.clark.net/pub/cme |
|Trusted Information Systems, Inc. http://www.tis.com/ |
|3060 Washington Road PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD 21738 Tel:(301)854-6889 FAX:(301)854-5363 |
+--------------------------------------------------------------------------+