- From: Peter Lipp <plipp@iaik.tu-graz.ac.at>
- Date: Tue, 23 Jul 1996 14:08:19 +0100
- To: Dan Simon <dansimon@microsoft.com>, "'ietf-tls@w3.org '" <ietf-tls@w3.org>
On Jul 22, 11:09am, Dan Simon wrote:
> Personally, I consider authentication
> to be far too sensitive a task to trust to applications.

Hm, and why? If I play the role of an application programmer, I consider authentication to be far too sensitive a task to trust to the operating system or something similar (;-). It's all a question of standpoint. Especially in the Web environment, the server needs to authenticate users that might not necessarily be authenticated at the operating system level at all, at their system, and may only be authenticated at the application-level, considering the web-server an application.

Regarding TLS, it seems obvious to me that authentication of the machine fits very well into that layer, while authentication of the user <might> be something different (assuming the OSI-Model). Maybe, as TLS "traditionally" is incorporated into the applications, the architectural clarity that Rohit aimed at (if I interpreted him correctly) apparently has been lost.

> (Then again, I also consider authorization to be far too sensitive a
> task to trust to applications; how many operating systems, after all,
> treat file access control as an application-level matter?)

You are an operating-systems person, aren't you :-). Of course it is the responsibility of the OS to protect the files, but isn't it the Web-Server's responsibility to protect the pages? If we assume a full integration of web-services into the OS, such that there no longer is a web-server per se, your wishes become true of course, and we only have to discuss/specify how a user on Unix authenticates himself to a MS-Windows-NT machine at the OS-level. Fine with me, but is this realistic for now? Until then, I see that authorization needs to be done at the Server-level. And, if the server does not trust the OS, or TLS, authentication of the user needs to be done there too.
I would prefer, for architectural reasons, to have a machine-level authentication of some sort at the transport level, and user-level authentication on the application level.

Peter Lipp

--
Dr. Peter Lipp, Technische Universität Graz - University of Technology Graz
Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologien
Klosterwiesgasse 32/I, A-8010 Graz, ++43 316 873-5513, Fax: ++43 316 873 5520
------------------------------------------------------------------------------
What good is the best upbringing? The children just copy everything we do anyway.
Received on Tuesday, 23 July 1996 08:08:06 UTC