Path: utzoo!attcan!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!topexpress.co.UK!cgg
From: cgg@topexpress.co.UK (Gray Girling)
Newsgroups: comp.protocols.iso
Subject: Upper layers security
Message-ID: <17949.8906301144@vega.topexp.co.uk>
Date: 30 Jun 89 11:44:39 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 50

This is something of a delayed response to something Steve Kille said in
the X-Windows on ACSE or Transport layer discussion:

> Another reason for mapping onto ACSE is that it will give natural hooks for
> authentication and encryption services, which you would not get from a
> mapping onto transport.

Is this how people see the ISO 7498-2 security services being incorporated
into the upper layers?

Two issues come to mind:

1) the choice of architectural places where security services could be
   obtained:

   They *could* be provided from an ACSE, or they could be provided by
   one or more separate "security" ASEs, or they could be available,
   somehow, directly from the Presentation layer [the use of encipherment
   is sometimes seen as something to do with the choice of transfer syntax]

2) the place of the encipherment mechanism:

   "encryption" is not (according to ISO 7498-2) a security service, it is
   only a mechanism that can be used to provide (one of a number) of them.
   Should the Presentation layer provide a real encipherment service for
   the Application layer to use, or should it reside as a mechanism in the
   Application layer? If the latter, given that communicating Application
   entities do not necessarily share the same syntax, how does this
   encipherment work?

Has anyone any ideas? These questions are currently being addressed in the
evolving upper layers security model - but are unresolved at the moment.

Gray Girling
-------------------------------------------------------------------------------
Gray Girling                  Telephone : (+44) 223 462121
Topexpress Ltd                Telex     : 817911 Topexp G
Poseidon House, Castle Park   Fax       : (+44) 223 315057
Cambridge, CB3 0RD, UK        E-Mail    : cgg@uk.co.topexp
-------------------------------------------------------------------------------