W3C home > Mailing lists > Public > ietf-discuss@w3.org > February 1999

Re: Continuing to draft mux WG charter

From: <spreitze@parc.xerox.com>
Date: Fri, 12 Feb 1999 08:43:34 PST
To: Chris Newman <chris@innosoft.com>
Cc: Mike Spreitzer <spreitze@parc.xerox.com>, ietf-http-ng@w3.org, discuss@apps.ietf.org
Message-Id: <99Feb12.084349pst."834439"@idea.parc.xerox.com>

You wrote: [[
There are subtle issues which need to be dealt with:

* If user authentication is done below the MEMUX layer, how will
  higher-level protocols "know" that?
* If user authentication is done above the MEMUX layer, what
  damage can passive or active attacks at the MEMUX layer cause?
* What impact will MEMUX have on firewalls when used to multiplex
  multiple services on the same port?

As for the first: how do higher layers ever "know" about authentication done in lower layers?  This is an issue of software in the peers, not the protocol, right?  What goes on the wire makes it clear (assuming the protocols above and below MEMUX were prepared to be separated at all --- which they would of course be if they're separate protocols); the issue is that an API for using MEMUX must enable authentication to pass through the MEMUX software layer appropriately.  As this WG is not about designing the API, I figure that issue is out of scope.

I think the other two issues are clearly in scope.
Received on Friday, 12 February 1999 11:45:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:08:05 UTC