protocol: new SASL layers



I believe this text should be deleted.
>   If a SASL transfer encryption or integrity mechanism has been negotiated,
>   that mechanism does not support the changing of credentials from one
>   identity to another, then the client MUST instead establish a new
>   connection.

Each SASL negotiation is, generally, independent of other SASL
negotiations.  If there were dependencies between multiple
negotiations of a particular mechanism, the mechanism technical
specification should detail how applications are to deal with
them.  LDAP should not require any special handling.  And if
an LDAP client had used such a mechanism, it would have the
option of using another mechanism.

Comments?

Kurt