Re: Symptoms vs. Causes

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: Symptoms vs. Causes
From: Eliot Lear <lear at cisco.com>
Date: Wed, 12 Sep 2007 17:24:04 +0200
Authentication-results: ams-dkim-1; header.From=lear@cisco.com; dkim=pass (s ig from cisco.com/amsdkim1002 verified; );
Cc: ietf at ietf.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=767; t=1189610659; x=1190474659; c=relaxed/simple; s=amsdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:=20Eliot=20Lear=20<lear@cisco.com> |Subject:=20Re=3A=20Symptoms=20vs.=20Causes |Sender:=20; bh=32ctnQ2+m+7dTm8OBRrTYm4AxD/TssU3ZEV5S27Az9g=; b=ENl9e+N9DPAR2I+pYa6w4O/UP9NEMvAp7axB08vza5BJPYRbPwHZUOLQaf0A9Cpwsjr/a0+J uT7MfI1lgrvKs1PZcWUEVTomIHgaMdetS5QavWsgxqlVGJRr/L0xVQr8;
In-reply-to: <20070912151123.C3AB333C21@delta.rtfm.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <tsl4pi13ptg.fsf@mit.edu> <Pine.LNX.4.33.0709111345110.3313-100000@egate.xpasc.com> <20070911234949.523D433C21@delta.rtfm.com> <46E79C5D.7010103@cisco.com> <20070912135920.E0C0733C21@delta.rtfm.com> <46E7F599.4030207@cisco.com> <20070912142127.A7F2933C21@delta.rtfm.com> <46E7F882.4080400@cisco.com> <20070912144010.18B3A33C21@delta.rtfm.com> <46E800D5.1080205@cisco.com> <20070912151123.C3AB333C21@delta.rtfm.com>
User-agent: Thunderbird 2.0.0.6 (Macintosh/20070728)

Eric Rescorla wrote:

What's an "authentication module"? You seem to be assuming a particular system architecture that you haven't laid out.

Many others have. I myself did so in a USENIX Login: Winter Security issue some years ago. SubOS would be a software example. Potentially CardSpace could be made this way. Kerberos 5 is not far from this if you think of the authentication module being a KDC. Using today's vernacular, let this module be the identity provider and the authenticating service be a relying party. And finally, having a token or some sort of SmartER Card that can handle large numbers of credentials would all qualify as examples.

I'm not ready to say which one is quite right, or if there is another.

Eliot

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- Re: Symptoms vs. Causes
  - From: Sam Hartman
- Re: Symptoms vs. Causes
  - From: David Morris
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla
- Re: Symptoms vs. Causes
  - From: Eliot Lear
- Re: Symptoms vs. Causes
  - From: Eric Rescorla

Prev by Date: Re: Symptoms vs. Causes
Next by Date: Re: Required doc sections (Re: [saag] Next step on web phishing draft(draft-hartman-webauth-phishing-05.txt))
Previous by thread: Re: Symptoms vs. Causes
Next by thread: Re: Symptoms vs. Causes
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Symptoms vs. Causes

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.