[pubcookie-dev] keyserver access control proposal
Nathan Dors
dors at cac.washington.edu
Mon Jan 5 15:28:20 PST 2004
The pubcookie 3.0 keyserver provides no internal access-control
mechanism, i.e., any keyclient connection that passes the SSL/TLS
requirement can get and set a key and participate in a site's
pubcookie deployment.

We propose (and have actually implemented most of) the following
solution, based around a site's current "keys" directory, to
provide simple, flexible access control. This solution should be
sufficient for sites that like to add new sites manually, as well
as for sites that want to automate the registration process for new
application servers.

Here's the solution:

  o Since the login server's "keys" directory implicitly defines
    which hosts have been issued DES keys and therefore can
    participate in a site's pubcookie deployment, we've modified
    the keyserver to use the presence of a host file in the keys
    directory to imply permission for that host to get and set
    keys via keyserver.

  o To add a new empty host file to the keys directory, the Unix
    keyclient has been given a new "permit" option. Administrators
    can use this option to authorize new participating hosts. Once
    they've done this for a host, keyserver will accept new DES key
    requests from that host.

  o To control which hosts can use the "permit" option, keyserver
    recognizes a new "keyserver_client_list" config variable.
    Administrators can use this variable to define the trusted
    hosts (probably just one or two) that they will use to
    authorize new participating hosts.

These features have been implemented and are in cvs now.

However, at present, the lack of a "keyserver_client_list" allows
any host to make "permit" requests. This mimics the historically
wide-open nature of keyserver, but it doesn't seem right. So, we
propose an additional change:

  o By default, if keyserver finds no "keyserver_client_list"
    config variable, then no keyclients can use the permit option
    to add new host files to the keys directory.

Does anyone disagree with this overall approach or think we need
to provide sites with the ability to leave their keyservers wide open?

-Nathan
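
The access decision proposed in the message above, sketched in C as an added example; it is not code from pubcookie or from the message's author. The function names, the space-separated format of the "keyserver_client_list" value, and the use of the TLS-authenticated peer hostname as the host file name are assumptions.

```c
/* Added example: not pubcookie source. Function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/stat.h>

enum ks_op { KS_GETKEY, KS_SETKEY, KS_PERMIT };
/* 1 if peer is a whole token of the space-separated list (format assumed). */
static int in_client_list(const char *list, const char *peer)
{
    size_t n = strlen(peer);
    while (list != NULL && *list != '\0') {
        size_t len = strcspn(list, " ");
        if (len == n && strncasecmp(list, peer, n) == 0) return 1;
        list += len + strspn(list + len, " ");
    }
    return 0;                         /* NULL or empty list: nobody is trusted */
}

/* Returns 1 to allow the request, 0 to deny it. */
int ks_authorize(enum ks_op op, const char *peer, const char *keys_dir, const char *list)
{
    char path[1024];
    struct stat st;
    /* The peer name becomes a file name, so refuse anything path-like. */
    if (peer == NULL || *peer == '\0' || *peer == '.' || strchr(peer, '/') != NULL)
        return 0;
    if (op == KS_PERMIT)              /* proposed default: no list, no permit */
        return in_client_list(list, peer);
    if (snprintf(path, sizeof path, "%s/%s", keys_dir, peer) >= (int)sizeof path)
        return 0;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode);  /* host file == permission */
}

/* Builds a constructed keys directory containing one empty host file. */
int ks_demo_setup(const char *dir, const char *host)
{
    char path[1024];
    FILE *f;
    mkdir(dir, 0700);                 /* an existing directory is fine */
    snprintf(path, sizeof path, "%s/%s", dir, host);
    return (f = fopen(path, "w")) != NULL ? fclose(f) : -1;
}

int main(void)
{
    ks_demo_setup("ks_demo_keys", "app1.example.edu");
    printf("getkey app1: %d\n", ks_authorize(KS_GETKEY, "app1.example.edu", "ks_demo_keys", NULL));
    return 0;
}
```

With the list unset, every "permit" request is denied while get and set requests still depend only on the host file, which matches the default proposed at the end of the message.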