Opened 8 years ago

Closed 8 years ago

#25 closed defect (fixed)

draft-ietf-tzdist-service: authentication and authorization of clients

Reported by: lear@…
Owned by: cyrus@…
Priority: major
Milestone:
Component: service
Version:
Severity: Active WG Document
Keywords:
Cc:

Description

Are all clients authorized to use all TZ distribution services? This seems unwise, if for no other reason than a misbehaving client may not be able to be easily identified and blocked.

Change History (1)

comment:1 Changed 8 years ago by mglt.ietf@…

  • Resolution set to fixed
  • Status changed from new to closed

I propose adding the following text to the last paragraph of the Security Considerations (Section 9):

Servers MAY require some form of authentication or authorization of
clients (including secondary servers) to restrict which clients are
allowed to access their service, or provide better identification of
errant clients. As such, servers MAY require HTTP-based authentication
as per [RFC 7235].
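
A sketch of the server-side check the proposed text permits, added here as an illustration and not part of the ticket or the draft: it challenges unauthenticated clients as RFC 7235 requires and ties each request to a client identity so an errant client can be identified and blocked. The Basic scheme (RFC 7617), the client table, the realm name, and the request budget are assumptions.

```python
import base64, binascii, hashlib, hmac
from collections import Counter

# Constructed sample data: client id -> SHA-256 of a high-entropy per-client token.
CLIENTS = {"secondary-1": hashlib.sha256(b"s3cret-one").hexdigest(),
           "kiosk-7": hashlib.sha256(b"s3cret-two").hexdigest()}
BLOCKED = set()        # clients an operator (or the budget below) has cut off
REQUESTS = Counter()   # per-client request counts, used to spot errant clients
LIMIT = 3              # hypothetical request budget per client
CHALLENGE = {"WWW-Authenticate": 'Basic realm="tzdist", charset="UTF-8"'}

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, creds = (header or "").partition(" ")
    if scheme.lower() != "basic" or not creds.strip():
        return None
    try:
        raw = base64.b64decode(creds.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def authorize(headers):
    """Return (status, response_headers, client_id); header names assumed normalized."""
    parsed = parse_basic(headers.get("Authorization"))
    if parsed is None:
        return 401, CHALLENGE, None       # a 401 must carry a challenge
    user, password = parsed
    digest = hashlib.sha256(password.encode()).hexdigest()
    # Unknown users are compared against a dummy digest so timing is uniform.
    expected = CLIENTS.get(user, "0" * 64)
    if not hmac.compare_digest(digest, expected) or user not in CLIENTS:
        return 401, CHALLENGE, None
    REQUESTS[user] += 1
    if REQUESTS[user] > LIMIT:
        BLOCKED.add(user)                 # errant client is now attributable
    if user in BLOCKED:
        return 403, {}, user              # authenticated but not authorized
    return 200, {}, user
```

Basic credentials are only base64-encoded, so this check is meaningful only when the service is reached over TLS.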
