[Date Prev][Date Next]
authmeth: SASL protocol profile
About Authmeth Section 3.3 (SASL Authentication Profile):
According to [SASL], the LDAP protocol profile must explicitly mention
- that LDAP supports "multiple authentications",
- the form of the authorization identity,
and SHOULD specify use of SASLPrep.
Sections 3.3.5 (Rules for using SASL security layers) and 3.3.6 (Use of
EXTERNAL SASL Mechanism) should be removed or moved away from the
protocol profile. Unless I've gone blind, the [SASL] protocol profile
requirements do not mention them.
I think section 3.3 should be renamed 'SASL Protocol Profile', so
readers of [SASL] can _find_ the 'protocol profile' by searching the
authmeth document for that phrase.
A suggestion in my 'authmeth-07 issues' message was bogus: To move
section 3.3.3 (Octet where negotiated security mechanisms take effect)
away from the protocol profile section. I hadn't realized what a
protocol profile was when I said that.