[Date Prev][Date Next] [Chronological] [Thread] [Top]

authLevel and related security considerations - draft-ietf-ldapext-acl-model-08.txt

To: Ellen Stokes <stokes@austin.ibm.com>
Subject: authLevel and related security considerations - draft-ietf-ldapext-acl-model-08.txt
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 02 Jul 2001 19:46:36 -0700
Cc: ietf-ldapext@netscape.com
In-reply-to: <5.0.2.1.0.20010629105210.00a63688@popmail2.austin.ibm.com>

As I note in my auth-lvls I-D, one must be careful not to
confuse the strength of the authentication mechanism itself
and the strength of a security association.  In particular,
while a strong mechanism resists active attack, if data
integrity is not provided over the duration of the security
association, that association is subject to hijack attack.

I note that the current ACM does not support the strength
of data integrity or data confidential services as access
control factors.  This should be noted as well.

Kurt

Prev by Date: IP/DNS subjects - draft-ietf-ldapext-acl-model-08.txt
Next by Date: increasing complexity - draft-ietf-ldapext-acl-model-08.txt
Index(es):
- Chronological
- Thread