dotgnu-general

Re: [DotGNU]Token System Specs


From: Barry Fitzgerald
Subject: Re: [DotGNU]Token System Specs
Date: Fri, 20 Jul 2001 00:33:25 -0400

Jeremy Petzold wrote:
> 
> Barry,
> 
> I read the token specs, very nice :)
> one thing, does the client system have a way to verify
> that it actually sent the rls like a watermark that it
> had attached to the rls that returns to it when the
> query happens? if not I think that it would be
> important to have so that a script kiddie, doing a
> portscan on Aunt Bea's computer, can't send a bogus
> query for information, even if it is her lowest
> security priority like favorite color, it's no one's
> business but hers and the people she authorizes.
> 
> -Jeremy

Why thank you :)

Well, the tokens will have to be encapsulated in some form of transport
protocol.  The obvious choice is TCP/IP and HTTP.  However, perhaps we
can extend this and have something akin to a PKI certificate system in
place to ensure that this works, even going so far as to have encrypted
keys with a request number embedded inside of them.

        -Barry
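
The check discussed in this thread, as an added example that is not part of either message and not DotGNU code: the client watermarks each token it sends with a request number and verifies both when a query comes back. It swaps in an HMAC under a client-held key in place of the PKI certificates suggested above; the class name, field names and item names are assumptions.

```python
import hashlib
import hmac
import secrets


class TokenIssuer:
    """Client side: watermarks tokens it sends and checks queries that return."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # assumption: key never leaves the client
        self._next_request_no = 1
        self._outstanding = {}                # request number -> item it authorises

    def _watermark(self, request_no, item):
        # request_no is an int, so the first ':' separates the fields unambiguously.
        msg = f"{request_no}:{item}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, item):
        """Create a token authorising exactly one query for `item`."""
        request_no = self._next_request_no
        self._next_request_no += 1
        self._outstanding[request_no] = item
        return {"request_no": request_no, "item": item,
                "watermark": self._watermark(request_no, item)}

    def accept_query(self, query):
        """Return True only for a query carrying an unused token this client issued."""
        try:
            request_no = query["request_no"]
            item = query["item"]
            supplied = query["watermark"]
        except (KeyError, TypeError):
            return False
        if not (isinstance(request_no, int) and isinstance(item, str)
                and isinstance(supplied, str)):
            return False
        expected = self._watermark(request_no, item)
        # Constant-time comparison; a forged or altered watermark stops here.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False
        # Genuine watermark: the request number must still be outstanding,
        # and is consumed so the same token cannot be replayed.
        return self._outstanding.pop(request_no, None) == item
```
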

