Re: IPSRA and "legacy systems"



Marcus,

At 09:23 PM 3/17/00 -0500, you wrote:
> What you're suggesting is interesting and laudable.  It's distinctly out of
> scope for this WG, if I understand what you're suggesting correctly.

For clarity, I'll try to restate my suggestion more succinctly:

	... an IPSRA proposal which uses a legacy credential,
	and which also incorporates a mechanism that replaces the
	legacy authentication transport mechanism to provide stronger
	authentication based on the credential.

Do you still believe this is "distinctly out of scope"?

If so, please elaborate.  This point is not at all apparent from the requirements
spec, and I know I'm not the only one to interpret it in a broader way.
There is clearly an intentional bias for mechanisms that keep legacy
authentication services and transport mechanisms intact.  But the current
draft does not (and I believe cannot) make this an *exclusive* requirement.

I find it difficult to see how one can exclude supporting a certain class of
authentication mechanisms, "legacy" or not, without making an explicit list
of what can *only* be supported.  Doing so would seem to risk making any
IPSRA proposal artificially narrow, or immediately obsolete.

For another view of my concerns, see my follow-up to Hugo Krawczyk's
comments, where he raised some good points.

---------------------------------------------------
David P. Jablon
Integrity Sciences, Inc.
+1 508 898 9024
dpj@xxxxxxxxxxxxxxxxxxxxx
www.IntegritySciences.com