
    Redirection (was UNH Plugfest 5)



    Folks,
    
    > I think one resolution would be to note that there are two different
    > styles of redirect, secured or immediate. Then, in the guide-to-
    > implementers, note that a target redirecter should (lower 
    > case should) be configurable to do either.
    
    I think that'll do.  An important piece of the response to Paul's
    interoperability concern is that not only is deciding whether to
    believe an unauthenticated redirect a security policy decision,
    the decision about whether to spend target resources on authentication
    before issuing a redirect is also.  There are lots of security policy
    instances in which the result is that nothing happens to avoid a
    security risk (e.g., there are many ways to configure IPsec to
    black-hole traffic, and in many cases, that's a feature).
    
    Thanks,
    --David
    ----------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 176 South St., Hopkinton, MA  01748
    +1 (508) 293-7953             FAX: +1 (508) 293-7786
    black_david@emc.com        Mobile: +1 (978) 394-7754
    ----------------------------------------------------
    
    
    
    
    


Last updated: Thu Jan 16 18:18:59 2003