[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5195) ssf not available during sasl bind

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5195) ssf not available during sasl bind
From: quanah@zimbra.com
Date: Mon, 29 Oct 2007 23:05:08 GMT

--On Monday, October 29, 2007 10:57 PM +0000 hyc@symas.com wrote:


> You don't. That would open you up to a downgrade attack.


So I think the point of the ITS remains.  It's difficult to do what they 
wanted to do.  And really, sometimes all you care is that the connection is 
encrypted at a particular base level based on the type of encryption being 
done.  Which is how it was at Stanford.  Which apparently we don't support 
using the security directive.  Which is why my acl's had sasl_ssf=56 all 
over them.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: Re: (ITS#5195) ssf not available during sasl bind
Next by Date: Re: (ITS#5195) ssf not available during sasl bind
Index(es):
- Chronological
- Thread