[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Policy in IETF APIs (was: Standards and APIs)

To: 'IETF LDAP Extensions WG' <ietf-ldapext@netscape.com>
Subject: RE: Policy in IETF APIs (was: Standards and APIs)
From: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>
Date: Mon, 20 Dec 1999 18:11:54 -0800
Resent-date: Mon, 20 Dec 1999 18:12:11 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"SRvR_C.A.vrF.yHuX4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Title: RE: Policy in IETF APIs (was: Standards and APIs)

> -----Original Message-----
> From: Jeff Hodges [mailto:JHodges@oblix.com]
> Sent: Tuesday, December 14, 1999 3:03 PM
> To: IETF LDAP Extensions WG
> Subject: Re: Policy in IETF APIs (was: Standards and APIs)
>
>
> Paul Leach wrote:
> > What you are saying is that security is to be left to
> (non-existent) upper
> > layers. That means it won't be secure. All experience in
> this area supports
> > that contention. One of the most elementary security rules
> is that security
> > can not be left to applications.
>
> I'm not necessarily challenging this assertion, but I am
> curious as to whether you have
> citations/references handy that support it (esspecially the
> last sentence).

How about the Orange Book. It demands that there be an unbypassable reference monitor that checks all references to make sure that the are allowed by security policy.

Also, I think papers on security in Multics, by Dennis or Saltzer, from the late 60's or early 70's; perhaps available in the Organick book on Multics. They discuss security flaws in systems that preceded Multics that motivated the Multics design.

Paul

Prev by Date: I-D ACTION:draft-ietf-ldapext-ldap-taxonomy-01.txt
Next by Date: Unidentified subject!
Index(es):
- Chronological
- Thread