Re: Minimal Authorization

Karl Auerbach (
Sat, 13 Aug 94 12:20:21 PDT

>>zealot, passwords in the clear are no longer an acceptable risk. At
>>the very least, a challenge-response system is necessary.

I too appreciate the fact that Steve is listening in.

What triggered this message is the question:

Do we have any security requirements that require extremely
long lived keys?

What I'm thinking is whether we need authenticators or signatures or
whatever that last for ten, twenty, fifty... years

I'm concerned about the needs of archivists, research folk, lawyers,
etc. who will sometime in the distant future need to dig through all
this stuff that is going to be published.

Are these real risks or am I being a raving alarmist?