[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Design proposal: crypto-capable generic interface

>Date: Sat, 18 Nov 1995 00:42:21 -0800 (PST)
>From: Raph Levien <[email protected]>

>   First, a few words about what I consider to be good interface that
>can support plug-in crypto.


>   I propose that the new interface lives as a sort of daemon, rather
>than a static collection of command line script pieces. 

Danger, Will Robinson!  (see below)


>   Once the negotation has been established, the application can send
>the daemon MIME objects that the app does not understand but the
>daemon does (for example, an image/fractal). The daemon can return a
>MIME object that the app does understand (for example, an image/ppm).

This part sounds good...a sort of master translation service.

>   Alternatively, the daemon may request an authentication. This is
>useful when resolving external bodies that require authentication,
>including non-anonymous FTP, and standard authenticated HTTP. In this
>case, the daemon sends a message to the app requesting the
>authentication. It specifies whether it needs both username and
>password, or just password. In the latter case, it hands a username to
>the application.
>   The application can then query the user for the authentication
>data. It hands this back to the daemon. In reply, the daemon indicates
>success or failure. In case of success, it hands the object back to
>the app.

Now I get worried.  This communication with the demon is via some IPC --
maybe even via a LAN.  Some things can't be distributed safely and
authentication is #2 on my list.

>   Encryption is a bit more tricky, but in essence you just hang a
>premail-alike off this kind of protocol. The hard part is specifying
>the key, but you just call it a "parameter" and put in hooks for the
>daemon to ask for whatever parameters it needs. 

Crypto keys are #1 on my list of things you can't distribute (unless they
are wrapped, of course).

>						 This requires that
>keys have some nonforgeable names, which is unfortunately not a
>feature of PGP 2.6.2. S/MIME will do it just fine, if you buy into the
>Certifcation Authority (<wink> at Nick Szabo).

Public keys, if that's what you're talking about, have perfectly good
nonforgeable names -- themselves.  They are unique.  They are the proper
name which can collect all the attributes of that key which are of interest
(e.g., permission to spend $, name of a human who knows the private key,
attributes about that human, etc.).

>   One final aside: I've been fairly frustrated with this mailing list
>as a forum for talking about real design proposals and implementation
>issues. Ignorant posts by the likes of Dr. Fred and Alice d'Clueless
>tend to attract far more attention than real crypto work. I want a
>forum for, and just for, cypherpunks who write code. If I had just a
>smidgen more free time (as if), I'd be trying to start one
>myself. Anyone else?

I've seen this happen several times.  As a list gets popular, it
diversifies.  You might try sci.crypt.research -- since it's moderated.

 - Carl

|Carl M. Ellison      [email protected]    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |