[cap-talk] What's an authenticated authentication?
ludo at gnu.org
Fri Jul 24 08:50:22 EDT 2009
Toby Murray <toby.murray at comlab.ox.ac.uk>
> Consider a password in the context of a particular user account.
> The password is an "authenticator". It proves that whoever submits the
> password is "authentic", i.e. is the user that the account belongs to.
> However, the authenticator must be authenticated -- the given password
> must be checked against the stored password (or a salted one-way
> transformation of it etc.) for the user account.
> So authenticating an authenticator may not be as bogus as it sounds at first.
That's true. But similarly to the passport example, it's just a special
> In the context of your  (Jonathan Rees' "A security kernel based on
> the lambda calculus"), the author himself has said
> "I think I used the term "authentication" incorrectly in this paper."
> (see http://mumble.net/~jar/pubs/secureos/).
Hmm, I don't know what made him say so.