re: GUCAPI

A few comments on GUCAPI postings follow.

1. It has been suggested that GSS-API is appropriate for layering over PGP
security functions, but this is incorrect, as GSS-API is inappropriate
for store-and-forward applications (and associated security
mechanisms), and hence isn't suitable for all applications which
have security requirements.

2. The application level interfaces for messaging applications must include
object protection semantics. One proposal being considered for this is
available by ftp as draft-ietf-cat-iop-gss-00.txt from ds.internic.net in
/internet-drafts. There is a BOF on this today at the IETF which other
CP IETF correspondent(s) may want to report on.

3. A distinction can and should be made between the higher level interfaces
which combine information protection and authentication, and the
lower level interfaces to cryptographic transforms and key exchanges
which aren't bundled with any trust model or certification 
infrastructure.

4. The lower level cryptographic interfaces (CAPIs) are the subject of
numerous proposals. A few of these were listed in the note I sent to the
list yesterday about the recent NIST meeting. One proposal being 
developed by major vendors (IBM, HP, Sun etc) and to be trialled in
practical implementations is available from X/Open, together with an 
associated email discussion list. Mail me if you want to be part
of the review process, or just track developments in this area. (This
is intended to be a net standard and an industry standard :-).

- pvm