[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Policy in IETF APIs (was: Standards and APIs)

To: IETF LDAP Extensions WG <ietf-ldapext@netscape.com>
Subject: Re: Policy in IETF APIs (was: Standards and APIs)
From: Jeff Hodges <JHodges@oblix.com>
Date: Tue, 14 Dec 1999 15:03:28 -0800
Organization: Oblix Inc. (http://www.oblix.com/)
References: <19398D273324D3118A2B0008C7E9A569051BEAF2@SIT.platinum.corp.microsoft.com>
Resent-date: Tue, 14 Dec 1999 15:03:42 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"crDy2D.A.vtD.GzsV4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Paul Leach wrote:
> What you are saying is that security is to be left to (non-existent) upper
> layers. That means it won't be secure. All experience in this area supports
> that contention. One of the most elementary security rules is that security
> can not be left to applications.

I'm not necessarily challenging this assertion, but I am curious as to whether you have
citations/references handy that support it (esspecially the last sentence). 

thanks,

JeffH

Prev by Date: Re: draft-wood-ldapext-float-00.txt (was: Re: Unidentified subject!)
Next by Date: New draft-ietf-ldapext-ldap-taxonomy-01
Index(es):
- Chronological
- Thread