Re: Hand Waving vs. Rigorous Analysis... (was Security Engineeringvs. Crypto Academics...)

From: Lassi Hippeläinen (lahippel_at_ieee.orgies.invalid)
Date: 09/15/04 

Date: Wed, 15 Sep 2004 06:35:06 GMT

Ernst Lippe wrote:
<...>
> There are two major weaknesses in this system, and they are not at all related
> to key management as I understand the term. First, permission management for
> a large user group is very difficult from an organizational point of view. Any
> modifications to the permission databased should only be made by authorized
> personel.

This is a real problem. The real fun begins, when support for dynamic
membership is added to the game. New members may join the group in the
middle of a session, and old members may be revoked. I haven't seen any
working system where those actions could be done in real time. Usually
the stream is broken to fragments with a separate key, and the keys are
distributed to members as late as possible. Still there is a time
window, when authorised recipients (the new members) can't receive the
stream, and unauthorised ones (revoked members) can.

-- Lassi

Relevant Pages

  • Re: Hand Waving vs. Rigorous Analysis... (was Security Engineeringvs. Crypto Academics...)
    ... >> related to key management as I understand the term. ... Any modifications to the permission ... and old members may be revoked. ... are many situations where these additional expenses could be ...
    (sci.crypt)
  • Re: Binary serialization
    ... Previously I would use a file write routine that worked ... DATA members from the class in question the method of writing each ... the base class where you collect the data in to a byte array which is ... then written to the stream by the base class. ...
    (microsoft.public.dotnet.general)
  • Doing the Right Thing with IPersistStream
    ... I have a custom data log file format that I want to turn into a COM ... write the # of members to the stream, then write each member to the ... shadowing it to a disk file for each new section of the datalog, ...
    (microsoft.public.vc.atl)
  • Re: regarding the UPA blog
    ... issues in real time. ... most blogs) so you cant get a read on what other members feel about ... control aspect of ultimate that seems to get he so wet. ... Its really a lame blog though, even lamer than wtut.....but at least ...
    (rec.sport.disc)
  • Re: Design question...
    ... All members are static. ... For some reason I'm stuck on the following design question. ... Should this stream be created every time the log needs to be written, or should the stream be a member variable of the logging class and only be opened and closed once per application lifetime. ... This seems like a simple question but for some reason I can't decide which is the right way to do this. ...
    (microsoft.public.dotnet.languages.csharp)
Quantcast