Great Circle Associates Firewalls
(February 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Secure Batch ftp
From: Yves . Dherbecourt @ der . edf . fr (Yves Dherbecourt)
Date: Thu, 3 Feb 94 11:37:33 +0100
To: Firewalls @ greatcircle . com

First thank you for your answers. Then, some remarks :
>From: mjr @
 tis .
 com
>        The approach that seems most attractive is to have an FTP-like
>server (or maybe just a mail-responder) that checks for a digital
>signature on the message, and which then does the "right" thing if
>it's from a known user.
>
>        For example, I might send a message that looks like:
>
>-----BEGIN PRIVACY-ENHANCED MESSAGE-----
>Proc-Type: 4,MIC-CLEAR
>Content-Domain: RFC822
>Originator-ID-Asymmetric: MFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDE
> kMCIGA1UEChMbVHJ1c3RlZCBJbmZvcm1hdGlvbiBTeXN0ZW1zMREwDwYDVQQLEwh
> HbGVud29vZA==,05
>MIC-Info: RSA-MD5,RSA,VrjsX36CM6DtvZF8dIablHPga0Ax1ca9txZUYL0svxZ
> iJMFXq7TB8GpYmqozaQOTb8Bi8xITEoH9BSQxcEpAr+6dhD2jWicfnckFnRMKijA
> FWVY7dl66RAb6MLQwrV4T
>
>tar cf - /home/mjr/src/foo | compress | uuencode foo.tar.Z | mail mjr @
 tis .
 com

Yes, PEM has very interesting security features that could be used as
master pieces of the system. BUT :
	I suppose that PEM is quite widespread in USA. As far as I know, that's
not true in Europe (and especially in France).
	One of the systems involved (Mainframe IBM) doesn't have mail service
(at least on our site ; I don't know in general)

Also, as you mean, the request (The "right" thing to do) may use any utility 
other than mail ; but if you use ftp, for instance, and if the sites involved
have a firewall + SecurID authentication , you get back with the problem.

More, the reliability of the service in also an important point : when the
request has been registered by the service, I 'd like to give to both
source and destination an insurance that it'll be done, even if one of
the ressources (network, hosts) is down when the request is made. Facing
this reliability need, I'm not sure I can use mail for the file transfer.
Well. It goes away from firewalls'topic, so i stop.

But I feel that with a combination of the different ideas as the
"request collector", secured dropoff points, ... and existing softwares
as BFTP, I can build up the solution.

So thank you again, and back in a few weeks with the whole "building", I hope.
 
#----------------------------------------------------------------------------#
# Yves Dherbecourt                    |  Tel : (1) 47 65 37 90               #
# Electricite de France               |  Fax : (1) 47 65 35 23               #
# DER / IMA / ICI / ASR               |  Tlx : 631576                        #
# 1, avenue du General de Gaulle      |                                      #
# 92141 CLAMART Cedex                 | Email : Yves .
 Dherbecourt @
 der .
 edf .
 fr  #
# France                              |                                      #
#----------------------------------------------------------------------------#

Indexed By Date Previous: Re: Socks and DNS
From: hp90101 @ internet . sbi . com (Harry Protoolis)
Next: Re: NFS mounts
From: Ken Weaverling <weave @ hopi . dtcc . edu>
Indexed By Thread Previous: Re: Secure Batch ftp
From: "Robert G. Moskowitz" <0003858921 @ mcimail . com>
Next: ftpd and passwd files
From: hobbit @ babyoil . ftp . com (*Hobbit*)

Google
 
Search Internet Search www.greatcircle.com