RE: Confirm decision on identity handling.
> At 8:29 AM -0700 5/15/03, Eric Rescorla wrote:
> >> You could have a security policy that ignored the identity in the cert
> >> ("allow an SA with these restrictions to anyone who has a cert from
> >> XYZRoot"), or one that was identity-based ("let chris@xxxxxxxxxxx make
> >> an SA").
> >But you would presumably want to have some restrictions
> >on the IP addresses they were allowed to front for, right?

You could, but there are plenty of cases (the roaming user) where there is
no need. Those of us advocating the disassociation are not saying 100%
disassociate. We are saying make the base-line MUST disassociation, but
allow the users the ability in configuration to associate and look for ID
in a certain place in the cert IF THEY WANT. That way, the 10% of the cert
users that want to associate will get what they need, and the rest of the
90% will have something that works easily.

This is the basic convenience vs. security continuum. Our job as protocol
designers is to give the people something they can use. 20% want it super
secure at the cost of convenience. 80% want it secure, but convenient, and
are willing to make the trade-off from the super-secure. The text I proposed
tried to reach this goal.