The PKC-only application security model ...
Anne & Lynn Wheeler
lynn at garlic.com
Wed Jul 23 21:42:45 EDT 2008
Thierry Moreau wrote:
> Anne & Lynn Wheeler wrote about various flavors of certificateless
> public key operation in various standards, notably in the financial
> industry.
>
> Thanks for reporting those.
>
> No doubt that certificateless public key operation is neither new nor
> absent from today's scene.
>
> The document I published on my web site today is focused on fielding
> certificateless public operations with the TLS protocol which does not
> support client public keys without certificates - hence the
> meaningless security certificate. Nothing fancy in this technique,
> just a small contribution with the hope to facilitate the use of
> client-side PKC.

this post references scenario for replacing the SSL server domain name
certificates with a certificate-less public key infrastructure
http://www.garlic.com/~lynn/2008k.html#49 The PKC-only application
security model

the first reply
http://www.garlic.com/~lynn/2008k.html#48 The PKC-only application
security model

mentions certificate-less X9.59 (financial transaction),
certificate-less KERBEROS (large number of infrastructure and
application authentication operation) and certificate-less RADIUS
(possibly dominant client authentication infrastructure in the world
today used by lots of ISP, corporate intranets, webhosting operations, etc).

RADIUS provides a generalized authentication, authorization, and
accounting infrastructure ... where AAA specifics can be specified on an
account or client basis (i.e. including being able to easily
accommodate both password and public key concurrently).
http://www.garlic.com/~lynn/subpubkey.html#radius

There are even RADIUS "plug-ins" for webservers for doing webserver
client authentication.

A combination of replacing SSL server domain name certificates with
certificate-less server operation and
using certificate-less RADIUS (client) authentication ... covers
mutual (client & server) operation.

RADIUS references from our rfc index:
http://www.garlic.com/~lynn/rfcietff.htm

click on "Term (term->RFC#)" field and then click on "RADIUS" (in the
"Acronym fastpath"):

Remote authentication dial in user service (RADIUS)
see also authentication, network access server, network services
5176 5090 5080 5030 4849 4818 4679 4675 4673 4672 4671 4670 4669 4668
4603 4590 4372 4014 3580 3579 3576 3575 3162 2882 2869 2868 2867 2866
2865 2809 2621 2620 2619 2618 2548 2139 2138 2059 2058
....

clicking on any of the RFC numbers, retrieves the RFC summary in the
lower frame. Clicking on the ".txt=nnn" field (in a RFC summary)
retrieves the actual RFC.
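
The per-account choice between password and public key described in the post above, as an added Go example (not part of the original post, and not RADIUS code or its wire format). The names `Account`, `Authenticate` and `Demo`, the Ed25519 challenge-response and the salted SHA-256 password hash (a stand-in for a slow KDF) are all assumptions made for illustration; the sample accounts are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Account is a hypothetical AAA record; the auth method is a per-account property.
type Account struct {
	Salt, PwHash []byte            // password account (salted SHA-256 stands in for a slow KDF)
	PubKey       ed25519.PublicKey // public-key account: bare registered key, no certificate
}

func hashPw(salt []byte, pw string) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), pw...))
	return h[:]
}

// Authenticate checks proof against what the account has on file: signature or password.
func Authenticate(dir map[string]Account, user string, challenge, proof []byte) bool {
	acct := dir[user] // unknown user yields an empty record, which fails both checks
	if acct.PubKey != nil {
		return ed25519.Verify(acct.PubKey, challenge, proof)
	}
	return len(acct.PwHash) > 0 &&
		subtle.ConstantTimeCompare(acct.PwHash, hashPw(acct.Salt, string(proof))) == 1
}

// Demo builds a constructed two-account directory and runs four attempts.
func Demo() [4]bool {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	salt := []byte("constructed-salt")
	dir := map[string]Account{
		"alice": {PubKey: pub},
		"bob":   {Salt: salt, PwHash: hashPw(salt, "correct horse")},
	}
	chal := make([]byte, 32)
	rand.Read(chal) // fresh per attempt, so a captured signature cannot be replayed
	stale := ed25519.Sign(priv, []byte("an earlier challenge"))
	return [4]bool{
		Authenticate(dir, "alice", chal, ed25519.Sign(priv, chal)), // key holder
		Authenticate(dir, "bob", chal, []byte("correct horse")),    // password account
		Authenticate(dir, "alice", chal, stale),                    // replayed signature
		Authenticate(dir, "alice", chal, []byte("correct horse")),  // password sent to key account
	}
}

func main() { fmt.Println(Demo()) }
```

The server side stores only the registered public key for `alice`, so there is no certificate to issue, validate or revoke; removing the key from the account record ends its validity.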