[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: authmeth: encryption strength vs. access control
I think that Jim suggested [Protocol] consideration (in
his recent "Re: Outstanding operations after TLS
closure/renegotiation" post) adequately addresses the
change security factor concern. I suggest that
[AuthMeth] echo this consideration, possibly
abbreviated.
Kurt
At 05:52 AM 3/7/2005, Hallvard B Furuseth wrote:
>I think something like this should be stated in authmeth (though I
>don't expect if this exact wording is quite correct):
>
> If the server uses the connection's encryption strength as an access
> control factor, it should generally use the weakest strength of when
> the request was received and when the response is sent - or maybe the
> weakest strength _since_ the request was received.
>
> The encryption strengths involved, include: The strength used to
> transfer the authentication credentials which resulted in the current
> association, the strength protecting the request, the strength
> protecting the response, [others?].
> A combination of these strengths may be used for the access control
> factor.
>
>It may be worse - if the server checked a client certificate at StartTLS
>and the strength has been negotiated upwards since then, maybe the
>weakest strength since TLS establishment is relevant. I expect the same
>can apply to SASL mechanisms that support renegotiation.
>
>Inspired by an old message from Kurt which I can't find at the moment.
>
>--
>Hallvard