[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Security Strength Factor

To: openldap-software@OpenLDAP.org
Subject: Re: Security Strength Factor
From: Dieter Kluenter <dieter@incode.com>
Date: Thu, 19 Dec 2002 11:02:18 +0100
In-reply-to: <5.2.0.9.0.20021218100035.02552548@127.0.0.1> ("Kurt D. Zeilenga"'s message of "Wed, 18 Dec 2002 10:14:15 -0800")
References: <5.2.0.9.0.20021218100035.02552548@127.0.0.1>
User-agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.4 (Informed Management, i686-pc-linux)

"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> writes:

> At 02:20 AM 12/18/2002, Dieter Kluenter wrote:
>>Hello,
>>what is the precise definition of SSF, I know it "indicates a relative
>>strength of protection", but protection of what and protection by
>>whom?
>
> OpenLDAP has multiple SSFs.  For each session, there is
> one for SASL, one for TLS, etc., and an overall session
> SSF (the greatest SSF of any particular layer).
[...]
> SASL/EXTERNAL, itself, provides no security layers.  There
> may be protections provided by lower layers (like TLS) and,
> if so, these are reflected in SSF associated with the particular
> layer providing the protection as well as the overall SSF.

I understand from the above that a ssf value given in slapd.conf as
access control is not necessarily referring to SASL SSF, but may as
well refer to TLS SSF or what so ever , depending on the highest value
for a given session and it could be even a sum of two ore more
layers?

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour

References:
- Re: Security Strength Factor
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Large add fails with I/O error
Next by Date: slapd 100% CPU usage !
Index(es):
- Chronological
- Thread