[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPS vs. StartTLS ext. op.

To: Howard Chu <hyc@symas.com>
Subject: Re: LDAPS vs. StartTLS ext. op.
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 25 Jul 2007 23:39:18 +0200
Cc: openldap-software@openldap.org
In-reply-to: <46A7C13B.4080907@symas.com>
References: <20070723135119.GC13339@NetBSD.org> <4C80A2DB7D4B6733ED0C82F5@deus-ex.zimbra.com> <46A7801A.8090009@stroeder.com> <46A7C13B.4080907@symas.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20070716 SeaMonkey/1.1.3

Howard Chu wrote:
> Michael Ströder wrote:
>> => If the OpenLDAP developers were really crazy enough to remove support
>> for LDAPS from OpenLDAP I'd kick OpenLDAP out of my business
>> immediately. Period.
> 
> If someone at IANA were to tell us that this number assignment was
> officially withdrawn, then we would drop it. We really wouldn't have
> much choice, nor would any other implementor that wanted to claim that
> their LDAP product was fully IETF-compliant.

Sorry, but the assignment of a port number by IANA is not really
required for supporting LDAP over SSL/TLS on a separate port since you
could happily use ldaps://host:636 or any other port anyway and still be
IETF-compliant.

Ciao, Michael.

References:
- failover config: servers with same DNS address and TLS, subjectAltName extension
  - From: Emmanuel Dreyfus <manu@netbsd.org>
- Re: failover config: servers with same DNS address and TLS, subjectAltName extension
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- LDAPS vs. StartTLS ext. op. (was: Re: failover config: servers with....)
  - From: Michael Ströder <michael@stroeder.com>
- Re: LDAPS vs. StartTLS ext. op.
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Configuring TLS
Next by Date: Re: Configuring TLS
Index(es):
- Chronological
- Thread