1994-12-07 - re: GUCAPI

Header Data

From: p.v.mcmahon.rea0803@oasis.icl.co.uk
To: cypherpunks@toad.com
Message Hash: d64840e6f46e66f0f298fb00f33a41009b8431548fb651be60242e49a38a0f2f
Message ID: <9412071749.AA07438@getafix.oasis.icl.co.uk>
Reply To: N/A
UTC Datetime: 1994-12-07 17:49:13 UTC
Raw Date: Wed, 7 Dec 94 09:49:13 PST

Raw message

From: p.v.mcmahon.rea0803@oasis.icl.co.uk
Date: Wed, 7 Dec 94 09:49:13 PST
To: cypherpunks@toad.com
Subject: re: GUCAPI
Message-ID: <9412071749.AA07438@getafix.oasis.icl.co.uk>
MIME-Version: 1.0
Content-Type: text/plain








A few comments on GUCAPI postings follow.

1. It has been suggested that GSS-API is appropriate for layering over PGP
security functions, but this is incorrect, as GSS-API is inappropriate
for store-and-forward applications (and associated security
mechanisms), and hence isn't suitable for all applications which
have security requirements.

2. The application level interfaces for messaging applications must include
object protection semantics. One proposal being considered for this is
available by ftp as draft-ietf-cat-iop-gss-00.txt from ds.internic.net in
/internet-drafts. There is a BOF on this today at the IETF which other
CP IETF correspondent(s) may want to report on.

3. A distinction can and should be made between the higher level interfaces
which combine information protection and authentication, and the
lower level interfaces to cryptographic transforms and key exchanges
which aren't bundled with any trust model or certification 
infrastructure.

4. The lower level cryptographic interfaces (CAPIs) are the subject of
numerous proposals. A few of these were listed in the note I sent to the
list yesterday about the recent NIST meeting. One proposal being 
developed by major vendors (IBM, HP, Sun etc) and to be trialled in
practical implementations is available from X/Open, together with an 
associated email discussion list. Mail me if you want to be part
of the review process, or just track developments in this area. (This
is intended to be a net standard and an industry standard :-).

- pvm






Thread