From: Bill Frantz <frantz@netcom.com>
Date: Fri, 30 Oct 1998 01:00:39 +0800
To: Hal Lockhart <smb@research.att.com>
Subject: Re: log files (was: Re: dbts: Cryptographic Dog Stocks, The  Dirigible Biplane, and Sending the Wizards Back to Menlo Park )
In-Reply-To: <199810281713.MAA29423@postal.research.att.com>
Message-ID: <v03110743b25ddd553df0@[209.109.232.112]>
MIME-Version: 1.0
Content-Type: text/plain



At 12:35 PM -0800 10/28/98, Hal Lockhart wrote:
>2) (Future) Allow only strongly authenticated users.  Either a) they are
>legitimate users whose identity is known and will presumably not try to
>hack the system, or b) they are attackers who have done something like
>steal the key of a legitimate user.  In the later case, I admit you might
>want to see what they are typing, but it will not give you any information
>about the underlying problem -- their ability to obtain unauthorized keys.

There is a long history of legitimate users who attempt to exceed their
authorization.  Double agents in the intelligence community and embezzlers
in the commercial world both come to mind.


-------------------------------------------------------------------------
Bill Frantz       | Macintosh: Didn't do every-| Periwinkle -- Consulting
(408)356-8506     | thing right, but did know  | 16345 Englewood Ave.
frantz@netcom.com | the century would end.     | Los Gatos, CA 95032, USA