SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: UNH Plugfest 5



    On Wed, 15 Jan 2003, Paul Koning wrote:
    
    > >>>>> "Julian" == Julian Satran <Julian_Satran@il.ibm.com> writes:
    >
    >  Julian> Paul, Initiators are required to implement authentication but
    >  Julian> may use none. If the administrator insists that
    >  Julian> authentication must be used with redirectors too the same
    >  Julian> administrator will have to take care that the redirectors
    >  Julian> have the required authentication.
    >
    >  Julian> The standard does not have to say anything about it..
    >
    >  Julian> We can't take the position of weakening always the security
    >  Julian> of the redirector nor one of requiring everybody to follow a
    >  Julian> stricter authetication.
    >
    > Do we want interoperability or don't we?  My view of standards is that
    > they exist for the purpose of producing interoperability.
    
    I think Julian's other note is correct; if an administrator chooses to
    configure devices so they won't interoperate, that's his or her fault, not
    ours.
    
    > What you describe creates interop failures.  If the initiator wants to
    > require authentication before redirect, that will fail unless the
    > target supports that, but there's nothing in the standard requiring
    > the target to do so.  So I have conforming implementations that can't
    > talk to each other.  That's not a good idea.
    
    I think one resolution would be to note that there are two different
    styles of redirect, secured or immediate. Then, in the guide-to-
    implementers, note that a target redirecter should (lower case should) be
    configurable to do either.
    
    > Why do you say "weakening...the security of the redirector"?  I don't
    > see any security issue in sending the redirect before completing the
    > authentication.  Bob Russell explained that in his original note.
    
    While I think the redirect before completing security is fine, I can
    imagine that some administrators won't like it, so I think we should
    (conceptually) support both.
    
    > If there were a security problem, I'd be the first to argue for
    > requiring the authentication to be completed first.  But since there
    > is none, why require it?  And if it's not required, why allow for
    > configurations that break?
    >
    >        paul
    >
    
    


Home

Last updated: Wed Jan 15 21:19:14 2003
12183 messages in chronological order