RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
I need to voice a strong agreement with the requirement for positive machine
authentication in the "public safety" (police and such) environments. There
are government requirements for the maintaining of security of data that is
transferred to a user, and this also involves the machine that is being
used.
Mike Eorgoff
AEG Server Development
MDSI Mobile Data Solutions
One Pierce Place, Suite 1300W
Itasca, IL 60143 USA
Phone: 630-875-8644
Fax: 630-775-1552
mailto:meorgoff@xxxxxxxxxxxx
http://www.mdsi-advantex.com
NASDQ: MDSI
> -----Original Message-----
> From: Finney Charles E [mailto:FinneyCharlesE@xxxxxxxxxxxxx]
> Sent: Thursday, June 22, 2000 7:49 AM
> To: 'David Jablon'; CHINNA N.R. PELLACURU
> Cc: Hugo Krawczyk; 'IPSRA list'
> Subject: RE: Authentication Mechanism Matrix (was L2TP vs IPSEC)
>
>
> >> OK, let me try another example. If I have a smartcard that has my key
> >> pair, and my certificate, and I carry it around, and plug it into a
> >> computer in an Internet Cafe, does that mean that now we are
> >> authenticating the machine in the Internet Cafe!
> >
> >No. Here the machine is trusted implicitly. Any kiosk that I control
> >(I'm a hypothetical evil entity) can abuse your card to secretly buy
> >my Mom some flowers, in addition to completing your transaction.
> >No crypto protocol helps here. This problem is out of our scope.
>
> It seems the card holder trusted the machine; this does not imply
> the recipient host should do likewise. Deere & Company would like very much
> to have a high degree of assurance the machine is Deere owned and configured
> prior to authorizing a connection. Something like a cert tied to a unique
> characteristic of the machine?? Buying flowers is one thing; downloading
> corporate secrets to a foreign system is another.
>
> Charlie Finney
> Technical Consultant
> Deere & Company
>