30 Jan
1996
30 Jan
'96
11:25 a.m.
I can certainly understand the need for access control & security, but with the use of a smart-card one-time password system, this is a moot point. Huh? How are you going to stop a system from "illegally" (in the sense of the provider, contracts, or whatever) acting as -say- www, ftp, or whatever server with such a one-time password system? You'll need access control *based on IP addresses* to reach that goal!
Perhaps you would like to flesh out these requirements with Dave O'Leary for the PIER WG. This was an area that was of particular concern, in an environment where renumbering is a fact of life. --bill