On Thursday, February 01, 2007 05:15:56 PM -0500 Jeffrey Hutzelman
<[EMAIL PROTECTED]> wrote:
On Thursday, February 01, 2007 03:06:21 PM -0600 [EMAIL PROTECTED] wrote:
What keeps a user from copying the identity token from the USB
device to a local or shared file system to avoid having to insert
the USB device all the time?
We were considering public flogging but were unsure if we could get it
into an IETF draft.
<wg chair hat on>
Anyone can submit an internet-draft; just write up your proposal
according to <http://www.ietf.org/ietf/1id-guidelines.html> and send it
off to [EMAIL PROTECTED]
You should then bring up your proposal on the Kerberos Working Group
mailing list, [EMAIL PROTECTED] We're beginning to move into the area
of preauthentication and improving the initial authentication exchange,
and while I can't guarantee that your proposal will be well-received, it
will certainly receive the same consideration as a number of others that
have recently been raised.
<wg chair hat off>
Of course, I should note that it's your OTI proposal that I'm suggesting
you bring to the working group. The bit about public flogging should be
written up separately and sent directly to [email protected],
without prior publication as an I-D, per item 19 in the FAQ at
<http://www.rfc-editor.org/rfcfaq.html>
-- Jeff
