
Re: IP Address in the ACM (Was: Comments on Access Control Model - BNF)



I agree in general that IP addresses shouldn't be used as identities and that RFC2820 is correct on this count. However, the goal at the time the original model draft was written was to support (or at least not exclude) things which existing implementations were already doing, however misguided they might be from a "pure security" point of view. Several implementations supported, and still support, IP addresses as subject attributes.

To your second point, the precedence assignment was based on the observation that it's usually not a single IP address which is included in a policy, but a range of IP addresses. Normally everything within (or everything except) a specific IP address range is excluded from access -- REGARDLESS of other attributes. Hence IP address became the highest precedence -- because the mechanism is essentially enforcing topology control and hence, to be effective, has to be enforced first.

--bob

Bob Blakley
Chief Scientist
Enterprise Solutions Unit
Tivoli Systems, Inc. (an IBM Company)
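
The precedence ordering Bob describes, written out as a small policy evaluator. This is an added example for this archive page, not code from the ACM draft or from any implementation mentioned in the thread; the `Subject`, `IpRangeRule` and `AttributeRule` types, the sample policy and the sample subjects are all constructed for illustration.

```python
# Added example (not from the thread): a toy evaluator that applies IP-range
# ("topology") rules first, regardless of other attributes, and only then
# consults ordinary subject-attribute rules.
from dataclasses import dataclass, field
import ipaddress


@dataclass(frozen=True)
class Subject:
    dn: str
    source_ip: str                          # peer address as observed by the server
    groups: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class IpRangeRule:
    """Topology rule. exclude_inside=True: everything within the range is
    excluded; exclude_inside=False: everything *except* the range is excluded."""
    network: str
    exclude_inside: bool


@dataclass(frozen=True)
class AttributeRule:
    """Ordinary subject-attribute rule, keyed here on group membership."""
    group: str
    grant: bool


def topology_check(subject, ip_rules):
    """Return the first IP-range rule that excludes the subject, or None."""
    addr = ipaddress.ip_address(subject.source_ip)
    for rule in ip_rules:
        # An IPv6 address is never "inside" an IPv4 network (and vice versa),
        # so a v6 peer is treated as outside every v4 range.
        inside = addr in ipaddress.ip_network(rule.network, strict=False)
        if inside == rule.exclude_inside:
            return rule
    return None


def decide(subject, ip_rules, attr_rules):
    """Evaluate the policy for one subject; returns (decision, reason)."""
    # Step 1: IP-range rules carry the highest precedence and are applied
    # before, and regardless of, any other attribute the subject carries.
    blocked_by = topology_check(subject, ip_rules)
    if blocked_by is not None:
        return ("deny", f"ip-range {blocked_by.network}")
    # Step 2: only subjects that survive topology control reach attribute rules.
    for rule in attr_rules:
        if rule.group in subject.groups:
            return ("grant" if rule.grant else "deny", f"group {rule.group}")
    return ("deny", "default")


# Constructed sample policy: only the 10.0.0.0/8 campus may reach the directory
# at all, and one subnet inside the campus is cut off as well.
IP_RULES = (
    IpRangeRule("10.0.0.0/8", exclude_inside=False),   # everything except 10/8 excluded
    IpRangeRule("10.9.0.0/16", exclude_inside=True),   # everything within 10.9/16 excluded
)
ATTR_RULES = (AttributeRule("cn=admins", grant=True),)


def demo():
    """Run four constructed subjects through the sample policy."""
    admins = frozenset({"cn=admins"})
    subjects = (
        Subject("cn=alice", "10.1.2.3", admins),    # admin, inside campus
        Subject("cn=alice", "192.0.2.5", admins),   # same admin, outside campus
        Subject("cn=alice", "10.9.4.4", admins),    # same admin, cut-off subnet
        Subject("cn=bob", "10.1.2.3"),              # non-admin, inside campus
    )
    return [decide(s, IP_RULES, ATTR_RULES) for s in subjects]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second subject shows the "REGARDLESS of other attributes" behaviour: the same admin identity is denied purely on the range check, and the group rule is never reached. It also makes the RFC2820 S6 point concrete: the only input that separates the first two outcomes is `source_ip`, so the decision is exactly as trustworthy as the server's view of the peer address.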


"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> on 03/29/2001 06:56:59 PM

To:   ietf-ldapext@netscape.com
cc:
Subject:  IP Address in the ACM (Was: Comments on Access Control Model - BNF)



At 06:28 PM 3/29/01 -0500, Richard V Huber wrote:
>is a legal subject.  Is that really what was intended?  It's not clear
>to me what it means to have an IP address (or a wildcarded domain name)
>use a particular authentication mechanism.

I note the inclusion of IP address is counter to the RFC2820 requirement:

   S6.  Access policy SHOULD NOT be expressed in terms of attributes
   which are easily forged (e.g. IP addresses).  There may be valid
   reasons for enabling access based on attributes that are easily
   forged and the behavior/implications of doing that should be
   documented.

I couldn't find any documentation, in particular Security
Considerations, detailing the behavior/implications for doing that.

I'm also clueless as to why an easily spoofed subject would
have the highest precedence.