Message-Id: <9307160934.AA28049@othello.admin.kth.se>
To: uri@bunyip.com
Subject: Security in URN-URL scheme (was: URNs in the DNS)
Date: Fri, 16 Jul 93 11:34:48 +0200
From: Rickard Schoultz <schoultz@admin.kth.se>

If we will pass on URN->URL mappings with some directory service (DS),
we will run into the problem that we must trust this DS to deliver the
right answer.

In the current vision of how this mapping will work, the URN Naming
Authority (NA) must provide or have a service provider to do this
mapping, and clients trying to resolve a URN must always go to this
originating source if they will have 100% trust in this mapping.

A DS/caching model in this structure implies that the client has to
trust the chain of DS on the way, and if there will be many clients not
trusting this service and who are going to the mapping originator, then
I guess the mapping service will not scale.

If the client is to put faith in that it has got the NA originated URN->URL
mapping, it can do one of two things:

1. The client will trust the DS.
2. The client will not trust the DS.

The first case means that the DS must have some means of authentication
between servers. This definitely rules out DNS, and in some sense X.500
as security in X.500 to my knowledge isn't implemented. It may be that
Whois++ will solve this problem.

The second case means that the mapping service will have to provide some
mechanism of validation of a URN-URL mapping. This will probably
involve public keys or something similar. I am not really familiar with
methods to solve this issue.

In the long run I think we have to go to the latter solution. In
addition to better security, it will probably scale better.

-Rickard

--
Rickard Schoultz             schoultz@admin.kth.se
SUNET/KTH                    +46-8-790 90 88 (voice)
S-100 44 Stockholm (SWEDEN)  +46-8-10 25 10 (fax)
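
The second case above (the client does not trust the DS), as an added example that is not part of the original message: the NA signs each URN->URL mapping, and the client checks the signature against an NA public key it already holds, so the answer may come from any cache. Ed25519, the record layout, the expiry field, the way the client obtained the NA key, and the `urn:example` / `*.example` names are all assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Mapping is the record the NA publishes; any DS may cache and relay it.
type Mapping struct {
	URN, URL string
	Expires  int64 // Unix seconds (assumption: limits replay of stale answers)
	Sig      []byte
}

// signedBytes length-prefixes URN and URL so distinct mappings never collide.
func signedBytes(m Mapping) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d", len(m.URN), m.URN, len(m.URL), m.URL, m.Expires))
}

// Sign runs at the NA only; the private key never reaches a DS.
func Sign(priv ed25519.PrivateKey, urn, url string, exp time.Time) Mapping {
	m := Mapping{URN: urn, URL: url, Expires: exp.Unix()}
	m.Sig = ed25519.Sign(priv, signedBytes(m))
	return m
}

// Verify runs at the client on an answer from any DS, trusted or not.
func Verify(naKey ed25519.PublicKey, wantURN string, m Mapping, now time.Time) error {
	switch {
	case m.URN != wantURN:
		return fmt.Errorf("answer is for %q, not the URN asked for", m.URN)
	case !ed25519.Verify(naKey, signedBytes(m), m.Sig):
		return fmt.Errorf("signature does not verify under the NA key")
	case now.Unix() > m.Expires:
		return fmt.Errorf("mapping expired")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // assumption: client already holds pub
	m := Sign(priv, "urn:example:doc-1", "http://a.example/doc-1", time.Now().Add(time.Hour))
	fmt.Println("relayed by DS:  ", Verify(pub, m.URN, m, time.Now()))
	m.URL = "http://b.example/doc-1" // constructed: a DS rewrites the answer
	fmt.Println("rewritten by DS:", Verify(pub, m.URN, m, time.Now()))
}
```

Only the NA holds the signing key, so a DS can store and relay mappings without being able to alter them; the load on the NA is signing, not answering every lookup.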