[cryptography] CICM Channels and GSS (was Re: IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM))
lnovikov at mitre.org
Fri Jun 24 15:08:54 EDT 2011
On 2011-06-23 20:08, Nico Williams wrote:
> Nothing stops you from building an application that has several
> sub-channels built on existing technologies.
> I'd be happy with you specifying such a protocol as long as it is on
> top of existing secure channel technology, or, as long as you show why
> that just won't do (I'm open to that possibility). (I could also end
> up on the rough side of consensus, but I'd rather make CICM palatable
> to a larger audience.)
> Also, you can structure privilege separation with only one channel.
> And you can bind multiple authentications into one channel (for an
> example of this see RPCSEC_GSSv3). You'll want to make sure that
> you cover why such alternatives are not appropriate.
> GSS wrap tokens cover both, confidentiality (optional) and integrity
> protection automatically for you; no need to think about how to do
> authenticated encryption.
> Some of the experts you need are in the KITTEN WG. I'm sure KITTEN WG
> participants will be happy to talk to you about these issues, or to
> put you in contact with other KITTEN WG participants. We have been
> *adding* to the GSS-API to make it meet our needs. Surely you might
> consider the same approach?
> In this case it seems I have to educate myself as to your needs,
> but I'm not sure that you and/or other CICM proponents are really up
> to date on the GSS-API. I don't mean that you should be an expert in
> the GSS-API before setting out to build something like CICM, but it
> would be good to make sure that CICM, or parts of it, are not
> predicated on misconceptions about existing APIs.
Clearly, I need to make a better effort at being educated about GSS-API.
I'll be in touch with the KITTEN folks, per your suggestion.
In brief, you'd like to know CICM can't use GSS-API and:
* use existing secure channel technologies,
* enforce privilege separation in a single channel,
* bind multiple authentications into a single channel,
* or extend GSS-API to meet (other) high assurance needs?
Am I missing anything?
More information about the cryptography