
RE: Confirm decision on identity handling.



> > >To allow for more stringent local security policy, implementations MAY
> > >offer a configuration option to check that the identity presented in the
> > >identity payload matches the equivalent identity type in the presented
> > >certificate.
> >
> > I guess my main question would be, in what way does this allow for a
> > "more stringent local security policy"?
>
>If alice and amy are both users with valid certs, amy cannot connect to bob
>using her own cert, but using alice's identity in the identity payload.
>
>I personally don't think it is a big deal, but Steve Kent has said he thinks
>it is, and I can see higher security organizations wanting it.


This is what I described a few days ago as the "gratuitous id check". 
However, I don't see how this is providing a more stringent security policy. 
If Amy is not allowed to talk to Bob, then the authentication should fail 
regardless of what she puts in her id payload, since the data in the 
certificate is authoritative.

In its modern incarnation, the id payload is supposed to be a key for policy 
lookups. Once you finish the policy lookup, you should then be able to 
ignore the id and base all further decisions on the data in the certificate.

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.
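
An added illustration, not part of the original message or of any IKE implementation: a sketch of the two checks discussed in this thread, with the identity payload used only as the policy lookup key and the decision made on certificate data, plus the optional payload-to-certificate match. All names, the policy table and the sample identities are constructed assumptions, and the certificate is assumed to have already passed chain validation.

```python
from dataclasses import dataclass

@dataclass
class Cert:
    # Constructed stand-in for an already chain-validated certificate:
    # identity type -> value, e.g. {"rfc822": "amy@example.com"}
    identities: dict

@dataclass
class Policy:
    # (type, value) pairs, one of which the certificate must carry.
    # Empty means "any valid certificate" (a deliberately loose policy).
    allowed_cert_ids: frozenset

# Hypothetical policy database keyed by the identity payload (type, value).
POLICY_DB = {
    ("rfc822", "alice@example.com"):
        Policy(frozenset({("rfc822", "alice@example.com")})),
    ("rfc822", "guest@example.com"): Policy(frozenset()),
}

ALICE = Cert({"rfc822": "alice@example.com"})  # constructed sample
AMY = Cert({"rfc822": "amy@example.com"})      # constructed sample

def id_matches_cert(id_type, id_value, cert):
    """Optional check: payload ID equals the same identity type in the cert."""
    return cert.identities.get(id_type) == id_value

def authorize(id_type, id_value, cert, strict_id_match=False):
    """Return (accepted, reason) for one peer.

    The identity payload selects the policy; the certificate contents
    decide whether that policy is satisfied.
    """
    policy = POLICY_DB.get((id_type, id_value))
    if policy is None:
        return False, "no policy for identity"
    if strict_id_match and not id_matches_cert(id_type, id_value, cert):
        return False, "identity payload does not match certificate"
    cert_ids = set(cert.identities.items())
    if policy.allowed_cert_ids and not (cert_ids & policy.allowed_cert_ids):
        return False, "certificate not permitted by policy"
    return True, "ok"
```

With a policy that names the permitted certificate identity, Amy's certificate is rejected under Alice's identity payload whether or not `strict_id_match` is set; the option only changes the outcome for the loose `guest` entry.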


