Chapter 17: Message Security Protocols

In this chapter, we focus on the security protocols that operate above the application layer, meaning that the messages carried by application protocols are cryptographically protected before they are submitted for transmission. These protocols are called message security protocols in this book. We start this chapter with an introduction in Section 17.1, elaborate on some protocols that have been proposed and that are being used for secure messaging in Section 17.2, and draw some conclusions in Section 17.3.

17.1 INTRODUCTION

Consider the situation in which you have to securely transfer a stream of bits and bytes (e.g., a file or a message) through a computer network or distributed system. There are basically two possibilities to do so:

  1. You may use a secure transfer protocol. If no such protocol is available, you may consider enhancing a given transfer protocol (e.g., FTP) with security features and use this security-enhanced transfer protocol to actually transfer the stream of bits and bytes.

  2. You may use any given (insecure) transfer protocol and secure the stream of bits and bytes before it is submitted for transfer.

The first possibility leads to a situation in which the security services are provided at the application layer, whereas the second possibility leads to a situation in which the security services are provided above the application layer. To make this distinction more accurate, the security protocols that implement the second possibility are referred to as message security protocols in the rest of this book. Note that this is an artificial term, and that there is no such thing as a "message layer" in the Internet model. Also note that the first possibility (i.e., application layer security protocols) was addressed in Chapter 16, whereas the second possibility (i.e., message security protocols) is discussed in this chapter. More specifically, we discuss the problem of securely transferring e-mail messages (using a secure messaging protocol) next.
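The second possibility can be made concrete with a short sketch, added here as an illustration and not taken from the book. The payload is protected before it is handed to an ordinary mail transport, and the recipient verifies it end to end regardless of what the hops in between do. The key, addresses, header value and function names are all constructed assumptions, and an HMAC under a pre-shared key stands in for the signatures and encryption that real secure messaging protocols use (it gives integrity only, not confidentiality).

```python
import base64, hashlib, hmac
from email import message_from_bytes, policy
from email.message import EmailMessage

def protect(body: bytes, key: bytes) -> str:
    """Sender: compute the tag over the body BEFORE any transport sees it."""
    tag = hmac.new(key, body, hashlib.sha256).digest()
    # Base64 both parts so transport re-encoding cannot alter the protected bytes.
    return base64.b64encode(tag).decode() + "\n" + base64.b64encode(body).decode()

def submit(protected: str) -> bytes:
    """Hand the already-protected payload to an ordinary, insecure mail transport."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@example.org", "bob@example.org"  # constructed
    msg.set_content(protected)
    return msg.as_bytes()

def relay(raw: bytes, forged_body: bytes = b"") -> bytes:
    """Untrusted hop: always adds a header; optionally swaps the body, keeping the tag."""
    msg = message_from_bytes(raw, policy=policy.default)
    msg["Received"] = "from mx1.example.org by mx2.example.org"  # constructed
    if forged_body:
        tag_b64 = msg.get_content().split("\n", 1)[0]
        msg.set_content(tag_b64 + "\n" + base64.b64encode(forged_body).decode())
    return msg.as_bytes()

def receive(raw: bytes, key: bytes) -> bytes:
    """Recipient: verify the tag end to end, ignoring whatever the hops added."""
    content = message_from_bytes(raw, policy=policy.default).get_content()
    tag_b64, body_b64 = content.strip().split("\n", 1)
    body = base64.b64decode(body_b64)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(base64.b64decode(tag_b64), expected):
        raise ValueError("message authentication failed")
    return body

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: shared out of band
    wire = submit(protect(b"Transfer 100 EUR to account 42", key))
    print(receive(relay(wire), key))  # the added Received header does not matter
    try:
        receive(relay(wire, forged_body=b"Transfer 900 EUR to account 66"), key)
    except ValueError as err:
        print("rejected:", err)
```

Only the payload is covered by the tag: the header fields set in `submit` and added in `relay` travel unprotected.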

Another topic that could be addressed in this chapter is related to the security features of the Extensible Markup Language (XML) as specified by the World Wide Web Consortium (W3C). In fact, the use of XML makes it possible to encrypt or digitally sign data segments (e.g., messages) in a standardized way before they are transmitted in computer networks or distributed systems. Because XML security is a very new and still transient topic, it is not further addressed in this book. Note, however, that the IETF XMLDSIG WG[1] has been asked "to develop an XML compliant syntax used for representing the signature of Web resources and portions of protocol messages (anything referencable by a URI) and procedures for computing and verifying such signatures." As of this writing, the IETF XMLDSIG WG has released a standards track RFC document [1] as well as two informational RFC documents [2, 3].[2]

[1] http://www.ietf.org/html.charters/xmldsig-charter.html

[2] Furthermore, an Internet-Draft has been released that is going to replace [1].


Internet and Intranet Security
ISBN: 1580531660
EAN: 2147483647
Year: 2002
Pages: 144
