Redirection (was UNH Plugfest 5)

To: wrstuden@wasabisystems.com
Subject: Redirection (was UNH Plugfest 5)
From: Black_David@emc.com
Date: Thu, 16 Jan 2003 13:33:37 -0500
Cc: ips@ece.cmu.edu
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Folks,

> I think one resolution would be to note that there are two different
> styles of redirect, secured or immediate. Then, in the guide-to-
> implementers, note that a target redirecter should (lower 
> case should) be configurable to do either.

I think that'll do.  An important piece of the response to Paul's
interoperability concern is that not only is deciding whether to
believe an unauthenticated redirect a security policy decision,
the decision about whether to spend target resources on authentication
before issuing a redirect is also.  There are lots of security policy
instances in which the result is that nothing happens to avoid a
security risk (e.g., there are many ways to configure IPsec to
black-hole traffic, and in many cases, that's a feature).

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

Prev by Date: I-D ACTION:draft-ietf-ips-security-19.txt
Next by Date: RE: iSCSI extension algorithms (was no subject)
Prev by thread: I-D ACTION:draft-ietf-ips-security-19.txt
Next by thread: FW: Redirection (was UNH Plugfest 5)
Index(es):
- Date
- Thread

Home

Last updated: Thu Jan 16 18:18:59 2003
12194 messages in chronological order