Re: UNH Plugfest 5

On Wed, 15 Jan 2003, Paul Koning wrote:

> >>>>> "Julian" == Julian Satran <Julian_Satran@il.ibm.com> writes:
>
> Julian> Paul, Initiators are required to implement authentication but
> Julian> may use none. If the administrator insists that
> Julian> authentication must be used with redirectors too, the same
> Julian> administrator will have to take care that the redirectors
> Julian> have the required authentication.
>
> Julian> The standard does not have to say anything about it.
>
> Julian> We can't take the position of weakening always the security
> Julian> of the redirector nor one of requiring everybody to follow a
> Julian> stricter authentication.
>
> Do we want interoperability or don't we? My view of standards is that
> they exist for the purpose of producing interoperability.

I think Julian's other note is correct; if an administrator chooses to configure devices so they won't interoperate, that's his or her fault, not ours.

> What you describe creates interop failures. If the initiator wants to
> require authentication before redirect, that will fail unless the
> target supports that, but there's nothing in the standard requiring
> the target to do so. So I have conforming implementations that can't
> talk to each other. That's not a good idea.

I think one resolution would be to note that there are two different styles of redirect, secured or immediate. Then, in the guide-to-implementers, note that a target redirector should (lower case should) be configurable to do either.

> Why do you say "weakening...the security of the redirector"? I don't
> see any security issue in sending the redirect before completing the
> authentication.

Bob Russell explained that in his original note. While I think the redirect before completing security is fine, I can imagine that some administrators won't like it, so I think we should (conceptually) support both.

> If there were a security problem, I'd be the first to argue for
> requiring the authentication to be completed first. But since there
> is none, why require it? And if it's not required, why allow for
> configurations that break?
>
> paul
>
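The two redirect styles proposed in the message above, modelled as an added example that is not part of the original thread: a target configured for "immediate" redirect answers the first Login Request with a Redirection status, while one configured for "secured" redirect first completes CHAP (CHAP_R = MD5(ID || secret || challenge), as carried in iSCSI login keys) and only then redirects; an initiator policy flag that refuses an unauthenticated redirect shows the interop failure Paul describes. The `require_auth_before_redirect` flag, the CHAP exchange compressed to two round trips, the shared secret and the TargetAddress value are assumptions constructed for illustration.

```python
import hashlib
import secrets

SHARED_SECRET = b"constructed-demo-secret"   # constructed sample value
NEW_ADDRESS = "192.0.2.10:3260,1"            # constructed sample TargetAddress (TEST-NET-1)

def chap_r(ident, secret, challenge):
    """CHAP_R as iSCSI carries it: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Target:
    """Login-phase redirector; mode is 'immediate' or 'secured' (the thread's two styles)."""
    def __init__(self, mode, secret=SHARED_SECRET):
        assert mode in ("immediate", "secured")
        self.mode, self.secret = mode, secret
        self.ident, self.challenge = 1, secrets.token_bytes(16)

    def handle(self, req):
        if self.mode == "immediate":
            # Redirect in the very first Login Response, before any authentication.
            return {"Status-Class": 1, "TargetAddress": NEW_ADDRESS}
        if "CHAP_R" in req:
            if req["CHAP_R"] != chap_r(self.ident, self.secret, self.challenge):
                return {"Status-Class": 2, "Status-Detail": 1}   # Initiator Error / Authentication failure
            return {"Status-Class": 1, "TargetAddress": NEW_ADDRESS}   # redirect only after CHAP succeeded
        # Secured mode: answer the AuthMethod offer by starting CHAP (exchange compressed for brevity).
        return {"AuthMethod": "CHAP", "CHAP_A": 5, "CHAP_I": self.ident, "CHAP_C": self.challenge}

def run_login(target, require_auth_before_redirect, secret=SHARED_SECRET):
    """Drive one initiator login against target.
    Returns 'redirected', 'rejected' (initiator refused an unauthenticated redirect),
    'auth-failed' or 'unexpected'."""
    resp = target.handle({"AuthMethod": "CHAP,None"})   # initiator offers CHAP or none
    authenticated = False
    if "CHAP_C" in resp:
        answer = {"CHAP_N": "initiator", "CHAP_R": chap_r(resp["CHAP_I"], secret, resp["CHAP_C"])}
        resp = target.handle(answer)
        if resp.get("Status-Class") == 2:
            return "auth-failed"
        authenticated = True
    if resp.get("Status-Class") == 1:   # Redirection
        if require_auth_before_redirect and not authenticated:
            return "rejected"           # the interop failure: conforming peers that cannot talk
        return "redirected"
    return "unexpected"
```

Only the (immediate target, strict initiator) pairing fails, which is the configuration the guide-to-implementers note would have to warn administrators about.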