Re: PublicKeyFile Format Security Considerations

To: <sommerfeld%east.sun.com@localhost>
Subject: Re: PublicKeyFile Format Security Considerations
From: "Brent McClure" <mcclure%swcp.com@localhost>
Date: Fri, 25 Jul 2003 17:45:47 -0600

----- Original Message ----- 
From: "Bill Sommerfeld" <sommerfeld%east.sun.com@localhost>
To: "Brent McClure" <mcclure%swcp.com@localhost>
Cc: <ietf-ssh%NetBSD.org@localhost>
Sent: Friday, July 25, 2003 5:25 PM
Subject: Re: PublicKeyFile Format Security Considerations 


> >   The file format described by this document provides no mechanism
> >   to verify the integrity or otherwise detect tampering of the
> >   data stored in such files. It is the responsibility of the parties
> >   that create or exchange files written in this format to ensure that 
> >   appropriate access controls are applied to such files, and that 
> >   the files, if transfered, are exchanged over a trusted channel.
> > 
> >   The data encoded using this file format is sensitive. 
> 
> "sensitive" in what sense?  

In the sense that it's important for authentication. Ie, if the data 
causes the wrong thing to happen it could be bad thing. Saying "sensitive"
seemed vague when I wrote it. 

How about:

  The data encoded using this file format is critical for authentication
  to work correctly.

Or, I'm open to suggestions.

--Brent

References:
- Re: PublicKeyFile Format Security Considerations
  - From: Bill Sommerfeld

Prev by Date: Re: PublicKeyFile Format Security Considerations
Next by Date: Re: PublicKeyFile Format Security Considerations
Previous by Thread: Re: PublicKeyFile Format Security Considerations
Next by Thread: Re: PublicKeyFile Format Security Considerations
Indexes:

Home | Main Index | Thread Index | Old Index