Re: WWW access and ensuring confidentiality

Marc VanHeyningen (mvanheyn@cs.indiana.edu)
Fri, 02 Apr 1993 12:55:28 -0500

Thus wrote: Dave_Raggett
>Here at Hewlett Packard, we need a way of preventing unauthorised
>access to information, but want to take advantage of the WWW for
>sharing information with colleagues.
>
>Please give me your comments on our proposed solution.
>
>I am working on a solution that makes use of UNIX's established
>security mechanisms and making it easy for non-technical types
>to manage things for themselves without the need to call out
>the support staff.

I've thought about implementing something like this, and I think
that's a reasonable starter solution.

(I'm sure you know all this already, but I'll mention it anyway...)

- If you want more than token security, passwords flying around the
network in the clear is obviously a Bad Thing.
- Since the data is passed across the net in the clear, disclosure
protection may or may not be attained; it depends whether this is
going on a LAN or a WAN or what.

Kerberos type models are possible, but I don't think the current HTTP2
standard could work with kerberos (I believe this would require a
fundamental change in the request-response to something like
request-challenge-reply-response, which is a big change. Or am I
recalling the changes to version 5 incorrectly?)

Ultimately, the general solution should be simple enough; since we're
already using MIME mail-like mechanisms for content identification,
once MIME and PEM are made interoperable (standards should be out
soon), you can have signed PEM (or PEM-like) requests and encrypted
responses. There would be some trickiness, since the headers of the
response message are among what needs to be authenticated. The bad
part is that PEM isn't here today, and may not be here any time
particularly soon. But it's obviously the right solution in the long
run, particularly since the certification hierarchy would allow the
kind of legal mechanisms for non-deniability of origin and disclosure
protection that would be highly desirable for, say, a publisher to
make copyrighted works available via WWW for a modest fee.

Since I'm already posting to the list, anyone who is in the process of
trying to write a WWW server in perl may wish to glance at a brief
commentary in http://cs.indiana.edu/perl-server/intro.html that I
made; this includes some discussion of the design guidelines involved
in its creation (which are probably rather controversial) and the
code. It's not code that you can just pop in and run on your machine,
but your friendly neighborhood perl hacker might find it interesting
to look at.

- Marc

--
Marc VanHeyningen   mvanheyn@cs.indiana.edu   MIME & RIPEM accepted
In fact, if you live in the USA, and you are not a Federal agency, you
shouldn't actually run PGP on your computer.
		- Phil Zimmermann