[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)

To: "robert byrne" <robert.byrne@Sun.COM>
Subject: RE: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)
From: "Paul Leach" <paulle@Exchange.Microsoft.com>
Date: Tue, 10 Apr 2001 18:59:24 -0700
Cc: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, <ietf-ldapext@netscape.com>
Content-class: urn:content-classes:message
Thread-index: AcDBkn+/8r2InuEcSM+e39qpYELTIwAltRoA
Thread-topic: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)

I accept that there are environments where ip address and DNS name are
acceptable. However:
1. they aren't even close to the majority of environments
2. there are more cases where it isn't appropriate and it will get used
thinking it is secure, leading to a false sense of security
3. better alternatives are easily available

If there was no good alternative is some cases, then I could see leaving
the features in. But good security is quite readily available, so there
is no reason to settle for semi-security.

Before I could acquiesce, I would want to see the security
considerations that are proposed to go with the feature. I think they
should include very dire warnings about how easy it is to defeat them,
and descriptions of the environments where they can be safely used.
Absent these, it would be irresponsible to bless such features with the
words "RFC compliant" and the endorsement of the IETF.

Also, I think it is entirely reasonable that some vendors decide that
they don't want to serve the market where such features might be
adequate, or wish to serve it by offering stronger mechanisms.

In any case, interoperability is better ensured by having smaller
feature sets, not by trying to use "mandatory to implement" to force
implementation of large feature sets.

> -----Original Message-----
> From: robert byrne [mailto:robert.byrne@Sun.COM] 
> Sent: Tuesday, April 10, 2001 12:42 AM
> To: Paul Leach
> Cc: Kurt D. Zeilenga; ietf-ldapext@netscape.com
> Subject: Re: IP Address in the ACM (Was: Comments 
> onAccessControlModel- BNF)
> 
> 
> 
> Kurt/Paul,
> 
> Fair enough...
> 
> To restate my own position: "security" depends on the 
> environment--there will be environments where things like 
> public access, simple authentication and ip address based 
> access controls will be both acceptable and desirable.  
> Removing such things from the ACM is a disservice to users in 
> those environments and making them optional introduces an 
> unecessary "point of non-interoperability" to the model.
> 
> Rob.
> 
> Paul Leach wrote:
> > 
> > I agree with Kurt. There is no reason why such a feature 
> needs to be 
> > promulgated today -- many stronger mechanisms are readily available.
> > 
> > > -----Original Message-----
> > > From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
> > > Sent: Monday, April 09, 2001 10:22 AM
> > > To: robert byrne
> > > Cc: ietf-ldapext@netscape.com
> > > Subject: Re: IP Address in the ACM (Was: Comments
> > > onAccessControlModel- BNF)
> > >
> > >
> > > Robert,
> > >
> > > I think we're going to have to agree to disagree on this one.
> > >
> > > To ensure that is no confusion as to my position, I'll 
> reiterate it.
> > >
> > > I object to a MUST (or SHOULD) for the ipAddress and DNS 
> name based 
> > > subjects as I believe it inappropriate to mandate (or
> > > recommend) the implementation of easily spoofed subjects. It my 
> > > opinion that these subjects should either be completely 
> removed (my 
> > > preference) or made OPTIONAL. If made OPTIONAL, the 
> document should 
> > > contain a detailed explanation of the security considerations 
> > > associated with the use of these subject.
> > >
> > > Kurt
> > >
> > >
> 
>

Prev by Date: Re: browse permission in the ACM
Next by Date: Re: browse permission in the ACM
Index(es):
- Chronological
- Thread