[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-sun-handle-system

To: iesg-secretary@ietf.org
Subject: draft-sun-handle-system
From: Russ Housley <housley@vigilsec.com>
Date: Wed, 16 Apr 2003 14:11:33 -0400
Cc: iesg@ietf.org

I ahve a few comment on draft-sun-handle-system-10.

1. I do not understand the terms "service integrity" and "service non-repudiation." I understand "data integrity," and I understand "non-repudiation." These are security services. Perhaps that is the intent, but I am not sure. The word "service" could be referring to the Handle System Service.

2. Section 4 says that authentication is needed prior to determining authorization, but it does not provide any insight into the types of authorizations that the system can support. Administrator privileges are the only authorization discussed at all. It is not clear to me what the linkage between these under-specified authorizations and the confidentiality security service.

3. In section 6.3, it says: "The trust between the client and its proxy and caching server has to be setup independently." If the server returns a signed response, I assume that the client can determine that it came from the correct source, regardless of the number of proxies that are in the middle of the communications path.

Russ

Prev by Date: Re: draft-chiba-radius-dynamic-authorization
Next by Date: Re: UPDATED: IESG Telechat Agenda and Package for April 17, 2003
Previous by thread: draft-ietf-msdp-spec
Next by thread: draft-sun-handle-system-def
Index(es):
- Date
- Thread