[Date Prev][Date Next]
authmeth: encryption strength vs. access control
I think something like this should be stated in authmeth (though I
don't expect if this exact wording is quite correct):
If the server uses the connection's encryption strength as an access
control factor, it should generally use the weakest strength of when
the request was received and when the response is sent - or maybe the
weakest strength _since_ the request was received.
The encryption strengths involved, include: The strength used to
transfer the authentication credentials which resulted in the current
association, the strength protecting the request, the strength
protecting the response, [others?].
A combination of these strengths may be used for the access control
It may be worse - if the server checked a client certificate at StartTLS
and the strength has been negotiated upwards since then, maybe the
weakest strength since TLS establishment is relevant. I expect the same
can apply to SASL mechanisms that support renegotiation.
Inspired by an old message from Kurt which I can't find at the moment.