Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!seismo!nbires!vianet!devine
From: devine@vianet.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: file protection with NFS
Message-ID: <173@vianet.UUCP>
Date: Wed, 15-Apr-87 18:52:03 EST
Article-I.D.: vianet.173
Posted: Wed Apr 15 18:52:03 1987
Date-Received: Fri, 17-Apr-87 23:50:49 EST
References: <5462@shemp.CS.UCLA.EDU> <16425@sun.uucp> <1430@steinmetz.steinmetz.UUCP>
Organization: Western Digital, Boulder Tech Ctr
Lines: 19

In article <1430@steinmetz.steinmetz.UUCP>, davidsen@steinmetz.steinmetz.UUCP (William E. Davidsen Jr) writes:
> Assuming that there is a public key encryption program available on the
> client and server, there are a number of ways to obtain (relatively)
> secure connections, validated in both directions. One very simple
> variation on this:
>
> 1) client sends a message "Hi I'm so-and-so" encrypted with the
> server's public key. The server must have the private key to decode the
> message and discover the prospective client's identity.

This does not give authentication. Imagine that clients A and C both
send the string "Hi, I am A" to server B. Because both used B's public
key, B can not discover who really is A.

The correct solution is to send a message to B that is based on the
private key; this works unless the private key has been compromised
(either stolen or given away). How the private key is used to form the
secure message to B depends on whether the PK algorithm is symmetric
with respect to encryption/decryption.

Bob Devine
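
The argument in this article, worked through as an added example that is not part of the original post: B cannot tell A's hello from C's when both only encrypt to B's public key, but a reply formed with A's private key separates them. Assumptions: textbook RSA on small constructed keys, a random challenge issued by B, and B already holding A's public key; all names are illustrative.

```python
# Added illustration: textbook RSA on small constructed keys (Mersenne primes,
# no padding or hashing). It shows the argument only and is not secure.
import secrets

E = 65537

def make_key(p, q):
    """Return an RSA key; the public part is (n, e), d is the private exponent."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed keys for the post's three parties.
A = make_key(2**61 - 1, 2**89 - 1)     # client A
B = make_key(2**107 - 1, 2**127 - 1)   # server B
C = make_key(2**31 - 1, 2**521 - 1)    # client C, who claims to be A
A_PUB = {"n": A["n"], "e": A["e"]}     # assumption: B already knows A's public key

def encrypt(pub, msg):
    return pow(int.from_bytes(msg, "big"), pub["e"], pub["n"])

def decrypt(key, ct):
    m = pow(ct, key["d"], key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def hello_as_seen_by_b(claim=b"Hi, I am A"):
    """Step 1 of the quoted scheme: each sender uses only B's public key."""
    from_a = decrypt(B, encrypt(B, claim))  # sent by A
    from_c = decrypt(B, encrypt(B, claim))  # sent by C, needs no secret of A's
    return from_a, from_c

def sign(key, value):
    return pow(value, key["d"], key["n"])   # requires the private exponent

def verify(pub, value, sig):
    return pow(sig, pub["e"], pub["n"]) == value

def b_accepts_as_a(claimant_key):
    """B issues a fresh challenge and checks the reply against A's public key."""
    nonce = secrets.randbits(64) + 2        # assumption: fresh nonce stops replay
    return verify(A_PUB, nonce, sign(claimant_key, nonce))

if __name__ == "__main__":
    print(hello_as_seen_by_b())             # B sees two identical claims
    print(b_accepts_as_a(A), b_accepts_as_a(C))
```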