Re: namedroppers, continued

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thus spake <Valdis.Kletnieks@vt.edu>
> Authentication:  Yes, you seem to be Jeffrey Dahlmer.
> Authorization:   You say you'd like to borrow a steak knife?
>
> Usually clears up the confusion in all but the most sluggish mind.. ;)

That's a very clear example, thanks.

> However, "authorization" usually implies "authentication" beforehand.
> Does anybody  have a reference on an authorization scheme that
> doesn't imply any authentication?

In a sense:  the IETF lists (and most others) use a null authentication
method, i.e. you trust whatever is in the message.  After that (null) step,
we apply weak authorization, i.e. whether the sender is on the approved
list.

I've seen lots of proposals to improve the former-- hardly difficult -- but
none for the latter.  Perhaps using precise terminology will help focus
efforts in the right area.

S


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]