OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [security-services] SubjectLocality errata?


Can someone explain the following statement in core-00 (lines 674-675)?

 

This element is entirely advisory, since both these fields are quite easily "spoofed" but current practice appears to require its inclusion.

 

Specifically, what "current practice" appears to require it?  This sounds pretty ambiguous and if so, should be cleared up in the spec.

 

SubjectLocality is defined as the name/address FOR the system entity THAT WAS authenticated.

 

If the system entity is a computer system, then I can understand why the info might be useful, although I'm not sure how "current practice" applies. 

 

But for authenticated users, it doesn't make much sense since users don't typically have IP/DNS addresses.  It isn't supposed to identify WHERE the system entity WAS authenticated.  Or is this how others interpreted its use?

 

Thanks,

 

Rob Philpott

RSA Security Inc.

The Most Trusted Name in e-Security

Tel: 781-515-7115

Mobile: 617-510-0893

Fax: 781-515-7020

mailto:rphilpott@rsasecurity.com

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC