Re: Minimal Authorization

Christian L. Mogensen (mogens@CS.Stanford.EDU)
Mon, 15 Aug 1994 03:59:42 +0200

Stephen D Crocker writes:

> I hadn't seen the reference to long lived keys before. That changes
> things considerably. In addition to strong authentication mechanisms,
> there has to be quite a lot of other infrastructure to support the
> kind of airtight archival that you're suggesting.

Well - the key for over-the-wire-access and the key for access from
archival storage could conceivably be different, n'est ce pas?

A sort of archive client-server within the server...

> > From: Karl Auerbach <karl@cavebear.com>
> > What I'm thinking is whether we need authenticators or signatures or
> > whatever that last for ten, twenty, fifty... years

> > Are these real risks or am I being a raving alarmist?

Nope - this is a real problem. Most of the people dealing with these
problems (guessing) work for large corporations or three-letter
government organizations.

Christian "Www-security anyone?