Re: authmeth: encryption strength vs. access control

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

I think that Jim suggested [Protocol] consideration (in
his recent "Re: Outstanding operations after TLS
closure/renegotiation" post) adequately addresses the
change security factor concern.  I suggest that
[AuthMeth] echo this consideration, possibly
abbreviated.

Kurt

At 05:52 AM 3/7/2005, Hallvard B Furuseth wrote:
>I think something like this should be stated in authmeth (though I
>don't expect if this exact wording is quite correct):
>
>  If the server uses the connection's encryption strength as an access
>  control factor, it should generally use the weakest strength of when
>  the request was received and when the response is sent - or maybe the
>  weakest strength _since_ the request was received.
>
>  The encryption strengths involved, include: The strength used to
>  transfer the authentication credentials which resulted in the current
>  association, the strength protecting the request, the strength
>  protecting the response, [others?].
>  A combination of these strengths may be used for the access control
>  factor.
>
>It may be worse - if the server checked a client certificate at StartTLS
>and the strength has been negotiated upwards since then, maybe the
>weakest strength since TLS establishment is relevant.  I expect the same
>can apply to SASL mechanisms that support renegotiation.
>
>Inspired by an old message from Kurt which I can't find at the moment.
>
>-- 
>Hallvard