Re: [LinkSec] Work in progress on a Security Architecture (one persons view)
At 01:16 PM 12/10/2002 -0500, Marcus Leech wrote:
>Not to trash Bob Moscovitz, but I think that when he did his presentation on
> "A Needham-Schroeder Method" at the CFI in Hawaii, he was trying to hide
> Kerberos in behind his talk. 802.10 Key Management looks like it already
> has Kerberos in mind when it talks about KDCs. I think it's important not
> to get too far into a particular *solution* until we understand what the
> problem is.
>
>It's important not to get too cozy with particular solutions at this stage
> of the development.
rather what I was looking at was managing authentication state within a
dynamic network. AAA talks about this and presents both models: where
state is maintained in the network or in the end device. For a number of
reasons I perfer the model of state in the end device, and
Needham-Schroeder presents this well. Probably too well.
I am working on a more architectual, less solution presentation.
Robert Moskowitz
Senior Technical Director
ICSA Labs
(248) 968-9809
Fax: (248) 968-2824
rgm@trusecure.com
There's no limit to what can be accomplished
if it doesn't matter who gets the credit