-----Original Message-----
From: robert byrne
Sent: Thu 4/5/2001 7:17 AM
To: Kurt D. Zeilenga
Cc: Paul Leach; ietf-ldapext@netscape.com
Subject: Re: IP Address in the ACM (Was: Comments on Access ControlModel - BNF)

I don't think we should put optional things in the spec--it will create interoperability problems. If someone implements a product that is not intended to be used in environments where IP addresses as subjects is secure, then why should we make them implement it?

I don't see why you are particularly down on ip address subjects, but a subject with simple authentication doesn't seem to bother you. I mean, in practice I would say there is not much difference in the risk involved in granting rights based on ip addresses and granting rights to a subject with an authentication level of "simple".

I'm quite willing to outlaw simple unless it's over SSL, if everyone would go along with it. Any takers? Silence may mean assent to inevitability, but not necessarily agreement.

And yes, the security consideration about use of simple over unencrypted links ought to be couched in apocalyptic language.

Paul