[x500standard] Re: New draft on password policy

  • From: David Chadwick <d.w.chadwick@xxxxxxxxxx>
  • To: x500standard@xxxxxxxxxxxxx
  • Date: Thu, 24 Sep 2009 19:06:25 +0100

Hi Kurt

Kurt Zeilenga wrote:


we still allow this as an option, but we think it is more secure if the directory never knows the user's password so is not able to store it in audit trails or anywhere.

If that's the rationale then shouldn't it apply to all password equivalents. If the protocol allows a DUA knowing only the encrypted password to gain access, the encrypted password is a password equivalent.

yes, that's why method 2 was not recommended.

regards

David


-- Kurt

-----
www.x500standard.com: The central source for information on the X.500 Directory Standard.



--
-------------------------------------------------------------
The Israeli group Breaking the Silence has just released a collection of
testimonies by Israeli soldiers that took part in the Gaza attack last
December and January. The testimonies expose significant gaps between the official stances of the Israeli military and events on the ground.

See  http://www.shovrimshtika.org/news_item_e.asp?id=30

The Israeli government defies Obama, and continues its settlement expansion

Israel plans to allocate $250 million over the next two years for settlements

http://www.palestinecampaign.org/index7b.asp?m_id=1&l1_id=4&l2_id=24&Content_ID=698

whilst simultaneously continuing to bulldoze Palestinian homes

http://salsa.democracyinaction.org/o/301/t/9462/campaign.jsp?campaign_KEY=27357

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
-----
www.x500standard.com: The central source for information on the X.500 Directory 
Standard.

Other related posts: