[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Updated version of "X.509 Authentication SASL Mechanism

To: Chris Newman <Chris.Newman@INNOSOFT.COM>
Subject: Re: Updated version of "X.509 Authentication SASL Mechanism
From: Steve Kille <S.Kille@isode.com>
Date: Sun, 12 Jul 1998 20:57:00 +0100 (GMT Daylight Time)
Cc: IETF LDAP Extensions WG <ietf-ldapext@netscape.com>
Resent-date: Sun, 12 Jul 1998 13:26:01 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"tM02P2.0.fX3.OlHgr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Chris,

I will drop this from the next version, unless I hear some very clear 
requests to keep it in!

Steve


On Wed, 01 Jul 1998 11:29:41 -0700 (PDT) Chris Newman 
<Chris.Newman@innosoft.com> wrote:

> On Wed, 1 Jul 1998, Steve Kille wrote:
> > 2) I added the "generation-time" field, and Sean questioned its use.
> > This time information is allowed in the general X.509 framework,
> > althoug X.500 does not use it.  It seems to me that the party doing
> > the authentication may have a policy on timeouts, and so this field
> > may be useful in addition to the "time" field which is set according
> > to the policy of the party being authenticated.  I'd appreciate input
> > on this.
> 
> I'd be inclined to leave it out.  While the concept of restricting the
> timeout length is interesting, I don't think it's complete without a way
> to find out the other party's policy.  Once you add policy discovery to
> the mix, it's probably too complex to be worth it for this case.
> 
> 		- Chris
> 
>

Prev by Date: Re: draft-ietf-ldapext-authmeth-02.txt
Next by Date: Re: Updated version of "X.509 Authentication SASL Mechanism
Index(es):
- Chronological
- Thread