Re: [Isms] #32: is the securityName=username default OK?



>>>>> "Nelson," == Nelson, David <dnelson at enterasys.com> writes:

    Nelson,> AAA systems almost always authenticate humans.  Even when
    Nelson,> they don't, the protocols have been designed for
    Nelson,> authentication of humans.  That pretty much guarantees
    Nelson,> that the basic identity nomenclature (the username) will
    Nelson,> be human readable, because it has to be human writeable
    Nelson,> (e.g. entered by a human at a keyboard).  I believe you
    Nelson,> can assume and require that tmSecurityName be human
    Nelson,> readable without any loss of generality, even when the
    Nelson,> credentials are in a more complex form, such as digital
    Nelson,> certificates.

I believe that assuming tmSecurityName is human readable is in general
false.  There are too many complicated problems having to do with
choosing the right name and various things people want to put in a
name.

I believe that you can assume the ssh username is human readable and
agree with David that you do not want per-user configuration.

--Sam


_______________________________________________
Isms mailing list
Isms at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/isms




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.