[VOIPSEC] An issue of trust?

stuart jacobs stu.jacobs at verizon.com
Tue Jun 20 12:22:36 CDT 2006


Thank you for the definition credit, however these terms come right out 
of ITU-T X.800.  The security terms I routinely use are:
Authentication
- Peer entity authentication (X.800)
- Data origin authentication (X.800)
- User Authentication (X.800 considers subset of Peer entity)
- Process Authentication (X.800 does not address)
Authorization - Access control
- Communications Access Controls (X.800)
- Computer Access Controls (X.800 does not address)
Data confidentiality (X.800)
- Connection confidentiality
- Connectionless confidentiality
- Selective field confidentiality
- Traffic flow confidentiality
Integrity
- Information integrity (Clark-Wilson Integrity Model)
  - Separation of duty
  - Well formed transactions
  - Logging
- Data integrity (X.800)
  - Connection integrity with recovery
  - Connection integrity without recovery
  - Selective field connection integrity
  - Connectionless integrity
  - Selective field connectionless integrity
Non-repudiation
- Non-repudiation with proof of origin (X.800)
- Non-repudiation with proof of delivery (X.800)
- Non-repudiation of actions  (Clark-Wilson Integrity Model)

I have noted the source of the term/definition in "()"s

stu

On Jun 20, 2006, at 12:50 PM, Strand, David P (Dave) wrote:

> Accept the fact that there always will be the need for terminology at
> multiple levels, and, as we drill down further, the issues and methods
> of addressing them differ significantly.  Another example of this lies
> in the management domain, where "configuration management" broadly refers
> to activities associated with modification of semi-permanent data within
> network elements.  The first subdivision is what can be termed "engineering"
> and "subscriber" CM, each of which has significantly different considerations.
> Bottom line, the generic term CM is useful at one level, while a more
> pinpointed term is needed at more detailed levels.
>
> I like Stu's definitions to distinguish between the two fundamental types
> of authentication - peer-entity and data origin.  I'd suggest using those,
> at least on an informal basis, if one doesn't wish to attempt to put the
> industry stamp of approval on them via a (lengthy) standards process.
>
> dps
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Geoff Devine
> Sent: Tuesday, June 20, 2006 8:10 AM
> To: stuart jacobs
> Cc: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] An issue of trust?
>
>
> Right.  But people use "authentication" to mean both things and it is
> often difficult to tell by context which one they are talking about.
> I've seen this happen fairly frequently on this email reflector.
>
> We live in an industry where our technical jargon is meant to be very
> precise.  It would be useful to have two different terms.  Does anyone
> have any suggestions?
>
> Geoff
>
> -----Original Message-----
> From: stuart jacobs [mailto:stu.jacobs at verizon.com]
> Sent: Tuesday, June 20, 2006 10:34 AM
> To: Geoff Devine
> Cc: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] An issue of trust?
>
> Logging in is user or peer-entity authentication
>
> per-packet trust mechanism is data origin authentication
>
> On Jun 20, 2006, at 9:34 AM, Geoff Devine wrote:
>
>> Andy Zmolek writes:
>> 	
>>> Splitting hairs about authentication vs. encryption
>>
>> <snip>
>>
>> I struggle with the terminology.  The way I (mis?)use the term
>> authentication, it can mean both:
>>
>> Logging In: IKE, Kerberos, SIP digest...  I guess this is "session
>> authentication"
>>
>> Per-packet trust mechanism: SHA1, MMH...  I guess this is "packet
>> authentication"
>>
>> From context, it's not always obvious to me which one someone is talking
>> about.  Are there better terms to distinguish between these two very
>> different chunks of security technology?
>>
>> Geoff
>>
>> _______________________________________________
>> Voipsec mailing list
>> Voipsec at voipsa.org
>> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>
>>
> ========================================================
> Stuart Jacobs, CISM, CISSP
> PMTS - Sr. Technologist
> Network Security
> Verizon Laboratories
> 40 Sylvan Road
> Waltham MA 02451-1128
> (781) 466-3076
>
>
>
>
========================================================
Stuart Jacobs, CISM, CISSP
PMTS - Sr. Technologist
Network Security
Verizon Laboratories
40 Sylvan Road
Waltham MA 02451-1128
(781) 466-3076
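
Added example, not part of the original thread: a Python sketch of the distinction discussed above, with peer-entity authentication done once at login and data origin authentication checked on every packet. The shared secret, function names, packet layout, key derivation and the choice of HMAC-SHA-256 are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

SHARED_SECRET = b"constructed-demo-secret"  # assumed pre-shared credential


def login_response(secret: bytes, nonce: bytes) -> bytes:
    """Peer-entity authentication: prove knowledge of the secret once, at login."""
    return hmac.new(secret, b"login" + nonce, hashlib.sha256).digest()


def verify_login(secret: bytes, nonce: bytes, response: bytes) -> bool:
    return hmac.compare_digest(login_response(secret, nonce), response)


def session_key(secret: bytes, nonce: bytes) -> bytes:
    """Per-session key bound to the login nonce (hypothetical derivation)."""
    return hmac.new(secret, b"session" + nonce, hashlib.sha256).digest()


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Data origin authentication: tag each packet, covering its sequence number."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:12]
    return header + payload + tag


def accept(key: bytes, packet: bytes):
    """Return (seq, payload) if the per-packet tag verifies, else None."""
    if len(packet) < 16:  # 4-byte sequence number plus 12-byte tag
        return None
    body, tag = packet[:-12], packet[-12:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:12]
    if not hmac.compare_digest(expected, tag):
        return None
    return int.from_bytes(body[:4], "big"), body[4:]


def demo():
    nonce = os.urandom(16)  # verifier's challenge for this login
    assert verify_login(SHARED_SECRET, nonce, login_response(SHARED_SECRET, nonce))
    key = session_key(SHARED_SECRET, nonce)
    pkt = protect(key, 1, b"constructed media frame")
    # Same session, payload altered in transit: the login still succeeded,
    # but this packet's origin can no longer be verified.
    forged = pkt[:4] + b"Constructed media frame" + pkt[-12:]
    return accept(key, pkt), accept(key, forged)


if __name__ == "__main__":
    print(demo())
```

A successful login says nothing about any later packet; only the per-packet tag does, which is why the two services carry separate names.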




