[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)

To: robert byrne <robert.byrne@Sun.COM>
Subject: Re: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 09 Apr 2001 10:21:41 -0700
Cc: ietf-ldapext@netscape.com
In-reply-to: <3AD17909.4E414D8E@Sun.COM>
References: <5.0.2.1.0.20010404130816.00b02a10@127.0.0.1> <5.0.2.1.0.20010405074208.01f6e7a0@127.0.0.1> <5.0.2.1.0.20010405083950.01f6a670@127.0.0.1> <5.0.2.1.0.20010406170456.01e667f0@127.0.0.1>

Robert,

I think we're going to have to agree to disagree on this one.

To ensure that is no confusion as to my position, I'll
reiterate it.

I object to a MUST (or SHOULD) for the ipAddress and DNS name
based subjects as I believe it inappropriate to mandate
(or recommend) the implementation of easily spoofed subjects.
It my opinion that these subjects should either be completely
removed (my preference) or made OPTIONAL. If made OPTIONAL,
the document should contain a detailed explanation of the
security considerations associated with the use of these
subject.

Kurt

References:
- RE: IP Address in the ACM (Was: Comments on Access Control Model - BNF)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: IP Address in the ACM (Was: Comments on Access ControlModel - BNF)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: IP Address in the ACM (Was: Comments on AccessControlModel - BNF)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: IP Address in the ACM (Was: Comments on AccessControlModel- BNF)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)
  - From: robert byrne <robert.byrne@Sun.COM>

Prev by Date: Re: Authentication Levels for ACMs
Next by Date: Re: anonymous & none in the ACM (Was: Comments Access Control Model - authentication levels 2)
Index(es):
- Chronological
- Thread