RE: D-AR0062.2: Authentication for data from Joseph Hui on 2002-05-03 (www-ws-arch@w3.org from May 2002)

From: Joseph Hui <jhui@digisle.net>
Date: Fri, 3 May 2002 11:43:33 -0700
To: "ECKERT,ZULAH (HP-Cupertino,ex1)" <zulah_eckert@hp.com>, "Bick, Bob (LNG)" <robert.bick@lexisnexis.com>, "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
Message-ID: <C153D39717E5F444B81E7B85018A460B081B27E7@ex-sj-5.digisle.com>
> -----Original Message-----
> From: ECKERT,ZULAH (HP-Cupertino,ex1) [mailto:zulah_eckert@hp.com]
> Sent: Friday, May 03, 2002 11:02 AM
> To: Joseph Hui; Bick, Bob (LNG); Hugo Haas; www-ws-arch@w3.org
> Cc: ECKERT,ZULAH (HP-Cupertino,ex1)
> Subject: RE: D-AR0062.2: Authentication for data
> 
> Joe,
> 
> Isn't this commonly refered to as Data Origin Authentication 
> (as opposed to "data authentication")?

Not exactly, though in some loose context some writer treat the two interchangeably.
Here's the nuance.  Data Origin Authentication is more like confirming
to Bob that the data came from Alice, but it doesn't tell whether the 
data has been altered (so Bob doesn't have to compute the checksum or
message digest for verifying data integrity.)  Of course, in real life
what good is to Bob to know the message came from Alice but not know
if the message has been altered, if Bob and Alice are serious about
security?  This leads to data authentication.
Data authentication means confirming to Bob the data came from Alice and it
has not been altered.  It encompasses Data origin authc and data integrity.  
E.g. Alice and Bob did a TLS handshake, through their sharing of 
a master secret, they share a set of keying material for deriving
the symmetric keys known only between them.
One of the symmetric keys is for computing the HMAC-SHA1, say H.
Before sending a message M to Bob, Alice computes a message digest
with HMAC-SHA1, which is a message digest algorithm incorporating H,
resulting in D.  Alice sends M and D to Bob.  (Note that M can be in
either plaintext or ciphertext, depending on if Alice and Bob see a
need for Confidentiality.)  Bob now hashes M with H to get d.
If d == D, then voila -- Bob knows M came from Alice unaltered.

Joe Hui
Exodus, a Cable & Wireless service
=============================================

> 
> Zulah
> Hewlett-Packard Company
> 
> -----Original Message-----
> From: Joseph Hui [mailto:jhui@digisle.net]
> Sent: Friday, May 03, 2002 9:07 AM
> To: Bick, Bob (LNG); Hugo Haas; www-ws-arch@w3.org
> Subject: RE: D-AR0062.2: Authentication for data
> 
> 
> > -----Original Message-----
> > From: Bick, Bob (LNG) [mailto:robert.bick@lexisnexis.com]
> [snip]
> > I'd suggest we use the standard terms "data integrity" and 
> > "non-repudiation"
> > in that case rather than "data authentication". Perhaps this 
> > may be more
> > clear.
> 
> Data authentication IS a widely understood (or standard, if
> you so chose) term.
> 
> Do not confuse "data integrity" and "non-repudiation" with
> data authentication.  They are not the same.
> 
> Joe Hui
> Exodus, a Cable & Wireless service
> ==========================================
> > 
> > Bob
> > 
> > -----Original Message-----
> > From: Joseph Hui [mailto:jhui@digisle.net]
> > Sent: Thursday, May 02, 2002 9:12 PM
> > To: Hugo Haas; www-ws-arch@w3.org
> > Subject: RE: D-AR0062.2: Authentication for data
> > 
> > 
> > Data authentication -- authenticate that the data came from 
> the right
> > source.
> > Getting acquainted with HMAC may help further.
> >                       
> > E.g. asking you to produce a driver's license authenticates you (by
> > biometrics)
> > to me that you're Hugo.  That's __peer (or party, or source)
> > authentication__.
> > Computing the hash of a message that incorporates a secret 
> > shared by you and
> > me
> > allows me to authenticate that the message has not been 
> altered and it
> > came from you.  That's __data authentication__.  HMAC is one 
> > way of doing
> > this.
> > Digital Signature is another way; but it requires Public Key 
> > Encryption
> > (PKE),
> > thus a bit more expensive.
> > 
> > Joe Hui
> > Exodus, a Cable & Wireless service
> > ==================================================
> > > -----Original Message-----
> > > From: Hugo Haas [mailto:hugo@w3.org]
> > > Sent: Thursday, May 02, 2002 2:02 PM
> > > To: www-ws-arch@w3.org
> > > Subject: D-AR0062.2: Authentication for data
> > > 
> > > 
> > > My apologies, I was talking about D-AR0062.2, not D-AR006.2.1.
> > > 
> > > * Hugo Haas <hugo@w3.org> [2002-05-02 16:59-0400]
> > > > D-AR0062.2 reads:
> > > > 
> > > >           + D-AR0062.2 The security framework must include 
> > > Authentication
> > > >             for data (sent and received by 
> communicating parties).
> > > > 
> > > > D-AR0062.1 talks about parties authentication. D-AR0062.5 
> > > talks about
> > > > data integrity. It is not clear to me what data 
> authentication is.
> > > 
> > > -- 
> > > Hugo Haas - W3C
> > > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - 
> > > tel:+1-617-452-2092
> > > 
> > > 
> > 
>
Received on Friday, 3 May 2002 15:15:30 UTC