Re: changes for -03

To: gmj@pobox.com
Subject: Re: changes for -03
From: Neal Ziring <nziring@thecouch.ncsc.mil>
Date: Mon, 17 Nov 2003 09:43:15 -0500
Cc: opsec@ops.ietf.org
In-reply-to: <Pine.LNX.4.53.0311141139460.15336@mall.pulltheplug.com>
Organization: NSA C43
References: <Pine.LNX.4.53.0311141139460.15336@mall.pulltheplug.com>
Reply-to: nziring@thecouch.ncsc.mil
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20030925

George,

  - Require some form of local, non-IP based authenticaiton for
    use on the console when IP is not available


I strongly agree with this.  Also, most devices seem to support
this already, so it should be too controversial.

- Idle timeout for autenticated sessions ?

Yes, I agree with this also, with two provisos:

       1. make sure the wording reflects authenticated
          administrative login sessions, otherwise it
          might be too broad?

       2. perhaps include the requirement that the
          default value of the timeout has to be something
          shorter than 'forever'.

...nz

Thanks,
---George