Re: [Emu] Issue #7: Password Authentication

2009-12-01 Thread Alan DeKok
Dan Harkins wrote:
> I guess it depends on what you mean by "expose". If it means a kind of flashing-- here's the username and password!-- then no this is not sufficient. Such an exposure is certainly a problem but popular ways to get around this exposure are not satisfactory. What I'm sayi

Re: [Emu] Issue #7: Password Authentication

2009-12-01 Thread Dan Harkins
Hi Alan,
On Tue, December 1, 2009 2:03 am, Alan DeKok wrote:
> Dan Harkins wrote:
>> I guess it depends on what you mean by "expose". If it means a kind of flashing-- here's the username and password!-- then no this is not sufficient. Such an exposure is certainly a problem but popular

Re: [Emu] Issue #7: Password Authentication

2009-12-01 Thread Alan DeKok
Dan Harkins wrote:
> The text says the method "MUST NOT expose" the username and password. The word "expose" is not defined and is very vague and open to interpretations that would result in an insecure protocol. I think there is a property in a properly modeled protocol that could replace

Re: [Emu] Issue #7: Password Authentication

2009-12-01 Thread Dan Harkins
Alan, Yes, I can propose a specific modification. In fact, I did already. It just got truncated from the thread. What I suggest is that in section 3.1, in the middle of the first paragraph (the text that Joe was quoting originally), remove this: "The tunnel method MUST support transporti