Re: Updated version of "X.509 Authentication SASL Mechanism
On Wed, 1 Jul 1998, Steve Kille wrote:
> 2) I added the "generation-time" field, and Sean questioned its use.
> This time information is allowed in the general X.509 framework,
> although X.500 does not use it. It seems to me that the party doing
> the authentication may have a policy on timeouts, and so this field
> may be useful in addition to the "time" field which is set according
> to the policy of the party being authenticated. I'd appreciate input
> on this.
I'd be inclined to leave it out. While the concept of restricting the
timeout length is interesting, I don't think it's complete without a way
to find out the other party's policy. Once you add policy discovery to
the mix, it's probably too complex to be worth it for this case.
- Chris