
RE: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)



I agree with Kurt. There is no reason why such a feature needs to be
promulgated today -- many stronger mechanisms are readily available. 

> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] 
> Sent: Monday, April 09, 2001 10:22 AM
> To: robert byrne
> Cc: ietf-ldapext@netscape.com
> Subject: Re: IP Address in the ACM (Was: Comments 
> onAccessControlModel- BNF)
> 
> 
> Robert,
> 
> I think we're going to have to agree to disagree on this one.
> 
> To ensure that there is no confusion as to my position, I'll reiterate it.
> 
> I object to a MUST (or SHOULD) for the ipAddress and DNS name 
> based subjects as I believe it inappropriate to mandate (or 
> recommend) the implementation of easily spoofed subjects. It 
> is my opinion that these subjects should either be completely 
> removed (my preference) or made OPTIONAL. If made OPTIONAL, 
> the document should contain a detailed explanation of the 
> security considerations associated with the use of these subjects.
> 
> Kurt
> 
>