Redirection (was UNH Plugfest 5)

Folks,

> I think one resolution would be to note that there are two different
> styles of redirect, secured or immediate. Then, in the
> guide-to-implementers, note that a target redirecter should (lower
> case should) be configurable to do either.

I think that'll do. An important piece of the response to Paul's interoperability concern is that not only is deciding whether to believe an unauthenticated redirect a security policy decision, the decision about whether to spend target resources on authentication before issuing a redirect is also. There are lots of security policy instances in which the result is that nothing happens to avoid a security risk (e.g., there are many ways to configure IPsec to black-hole traffic, and in many cases, that's a feature).

Thanks,
--David

----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
black_david@emc.com Mobile: +1 (978) 394-7754
----------------------------------------------------
Last updated: Thu Jan 16 18:18:59 2003