Re: Minimal Authorization

Stephen D Crocker (crocker@tis.com)
Sat, 13 Aug 1994 21:44:51 +0200

Karl,

I hadn't seen the reference to long lived keys before. That changes
things considerably. In addition to strong authentication mechanisms,
there has to be quite a lot of other infrastructure to support the
kind of airtight archival that you're suggesting.

I think this is well beyond the scope of the discussion most of this
list is interested in. The web is the Internet's version of instant
gratification, a 90s kind of thing. Long lived? Future? Lawyers?
Naw.

Steve

> Reply-To: karl@cavebear.com
> Sender: www-talk@www0.cern.ch
> From: Karl Auerbach <karl@cavebear.com>
> To: Multiple recipients of list <www-talk@www0.cern.ch>
> Date: Sat, 13 Aug 1994 21:23:48 +0200
> Subject: Re: Minimal Authorization
>
>
>
> >>zealot, passwords in the clear are no longer an acceptable risk. At
> >>the very least, a challenge-response system is necessary.
>
> I too appreciate the fact that Steve is listening in.
>
> What triggered this message is the question:
>
> Do we have any security requirements that require extremely
> long lived keys?
>
> What I'm thinking is whether we need authenticators or signatures or
> whatever that last for ten, twenty, fifty... years
>
> I'm concerned about the needs of archivists, research folk, lawyers,
> etc. who will sometime in the distant future need to dig through all
> this stuff that is going to be published.
>
> Are these real risks or am I being a raving alarmist?
>
> --karl--