1996-01-19 - authenticating intrahost crypto providers

Header Data

From: jleppek@suw2k.hisd.harris.com (James Leppek)
To: cypherpunks@toad.com
Message Hash: fae8072f8adbeffee7bd26ab0352ee91dd3aa97350b9998e91c782f364c205dc
Message ID: <9601181637.AA01592@suw2k.hisd.harris.com>
Reply To: N/A
UTC Datetime: 1996-01-19 11:13:57 UTC
Raw Date: Fri, 19 Jan 1996 19:13:57 +0800

Raw message

From: jleppek@suw2k.hisd.harris.com (James Leppek)
Date: Fri, 19 Jan 1996 19:13:57 +0800
To: cypherpunks@toad.com
Subject: authenticating intrahost crypto providers
Message-ID: <9601181637.AA01592@suw2k.hisd.harris.com>
MIME-Version: 1.0
Content-Type: text/plain



I have been doing some research on the development of an abstract
security services API(not just a CAPI) and have hit a road block. 
The problem revolves around the need to authenticate a 
security service provider to an application. I noticed 
that microsoft has followed a path of providing
a signature in each external provider but the feeling is that this
is not that difficult to circumvent. I have the same misgivings but cannot
come up with anything else. Are my misgivings unfounded???
What are some other possibilities to allow intrahost (application)
authentication of services. Do you need to actually have a cryptographic
binding of services?

Comments....

Jim Leppek
jleppek@suw2k.hisd.harris.com
Harris Corporation





Thread