[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: IETF ldapbis WG Last Call: draft-ietf-ldapbis-user-schema-05.txt

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: IETF ldapbis WG Last Call: draft-ietf-ldapbis-user-schema-05.txt
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 26 May 2003 22:27:14 +0200
Cc: Michael Ströder <michael@stroeder.com>, ietf-ldapbis@OpenLDAP.org
In-reply-to: <5.2.0.9.0.20030526125326.0293ac10@127.0.0.1>
References: <5.2.0.9.0.20030523163225.0278b740@127.0.0.1> <3ED26DAD.4050705@stroeder.com> <5.2.0.9.0.20030526125326.0293ac10@127.0.0.1>

Kurt D. Zeilenga writes:
>>"Add: Use of integrity protection is encouraged to prevent session hijacking."
>>
>>Which session is meant here?
> 
> The LDAP session.
> 
> If one uses a mechanism such as DIGEST-MD5 without
> negotiating integrity protection to authenticate,
> a man-in-middle can hijack the session after
> authentication completes. 

What has that to do with schema?  Sounds like a protocol or authmeth
issue to me.

I'd also like to see this paragraph removed:

   It is required that strong authentication be performed in order to 
   modify directory entries using LDAP.

for the same reason.  I've mentioned that before, IIRC the answer was
that yes, it's covered elsewere - but not as a requirement.  I can't
find the thread now, though.

-- 
Hallvard

References:
- Re: IETF ldapbis WG Last Call: draft-ietf-ldapbis-user-schema-05.txt
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: IETF ldapbis WG Last Call: draft-ietf-ldapbis-user-schema-05.txt
  - From: Michael Ströder <michael@stroeder.com>
- Re: IETF ldapbis WG Last Call: draft-ietf-ldapbis-user-schema-05.txt
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: IETF ldapbis WG Last Call: draft-ietf-ldapbis-user-schema-05.txt
Next by Date: Re: IETF ldapbis WG Last Call: draft-ietf-ldapbis-user-schema-05.txt
Index(es):
- Chronological
- Thread