[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)
I agree with Kurt. There is no reason why such a feature needs to be
promulgated today -- many stronger mechanisms are readily available.
> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
> Sent: Monday, April 09, 2001 10:22 AM
> To: robert byrne
> Cc: ietf-ldapext@netscape.com
> Subject: Re: IP Address in the ACM (Was: Comments
> onAccessControlModel- BNF)
>
>
> Robert,
>
> I think we're going to have to agree to disagree on this one.
>
> To ensure that is no confusion as to my position, I'll reiterate it.
>
> I object to a MUST (or SHOULD) for the ipAddress and DNS name
> based subjects as I believe it inappropriate to mandate (or
> recommend) the implementation of easily spoofed subjects. It
> my opinion that these subjects should either be completely
> removed (my preference) or made OPTIONAL. If made OPTIONAL,
> the document should contain a detailed explanation of the
> security considerations associated with the use of these subject.
>
> Kurt
>
>