
authmeth: re-fetching supportedSASLmechanisms
authmeth-08 section 3.3.5 says:

   If the client is configured to support multiple SASL mechanisms, it 
   SHOULD fetch the supportedSASLmechanisms list both before and after 
   the SASL security layer is negotiated. This allows the client to 
   detect active attacks that remove supported SASL mechanisms from the 
   supportedSASLMechanisms list and allows the client to ensure that it 
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   is using the best mechanism supported by both client and server.
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Delete the underlined text.  It does not allow the client to ensure
that.  The password has already been sent with a weaker mechanism by
the time the client discovers that a stronger mechanism is available.

-- 
Hallvard
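As an added illustration of the argument above (this is a constructed simulation written for this page, not code from the ldapbis thread, the authmeth draft, or any LDAP implementation), the following models the before/after fetch of supportedSASLMechanisms while an active attacker strips mechanisms from unprotected replies. The client preference order, the set of password-exposing mechanisms, and the set of mechanisms taken to establish a SASL security layer are all assumptions made for the example. It shows that the second fetch can detect the stripping once a security layer is up, but only after the client has already authenticated with the weaker mechanism; and that if the downgrade reaches a mechanism with no security layer and there is no TLS, the second reply is stripped too and nothing is detected at all.

```python
# Constructed simulation of the authmeth-08 section 3.3.5 re-fetch check.
# Not code from the thread or from any LDAP library; all mechanism sets below
# are assumptions for illustration.
from dataclasses import dataclass

# Client preference order, strongest first (assumed).
CLIENT_PREFERENCE = ["GSSAPI", "DIGEST-MD5", "PLAIN"]

# Mechanisms that transmit the password itself (assumed set).
PASSWORD_EXPOSING = {"PLAIN"}

# Mechanisms assumed, for this model, to negotiate a SASL security layer
# that the attacker can no longer tamper with afterwards.
SECURITY_LAYER = {"GSSAPI", "DIGEST-MD5"}


@dataclass
class BindOutcome:
    offered_before: list       # list as seen before the bind
    chosen: str                # mechanism the client actually used
    password_exposed: bool     # chosen mechanism sent the password itself
    weaker_than_best: bool     # server really offered something stronger
    offered_after: list        # list as seen after the bind
    downgrade_detected: bool   # mechanisms appeared that were missing before


def choose_mechanism(offered):
    """Pick the first client-preferred mechanism that appears to be offered."""
    for mech in CLIENT_PREFERENCE:
        if mech in offered:
            return mech
    raise ValueError("no mutually supported SASL mechanism")


def simulate_bind(server_mechs, stripped, tls=False):
    """Bind against a server advertising server_mechs while an active attacker
    removes the mechanisms in `stripped` from every reply it can tamper with.
    `tls` models an outer TLS layer protecting both fetches."""
    def fetch(protected):
        real = list(server_mechs)
        return real if protected else [m for m in real if m not in stripped]

    # First fetch: before any security layer exists, only TLS protects it.
    offered_before = fetch(protected=tls)
    chosen = choose_mechanism(offered_before)

    # The bind happens here; whatever the mechanism sends has been sent.
    password_exposed = chosen in PASSWORD_EXPOSING
    weaker_than_best = chosen != choose_mechanism(server_mechs)

    # Second fetch: protected only if TLS or a SASL security layer is in place.
    offered_after = fetch(protected=tls or chosen in SECURITY_LAYER)
    downgrade_detected = bool(set(offered_after) - set(offered_before))

    return BindOutcome(offered_before, chosen, password_exposed,
                       weaker_than_best, offered_after, downgrade_detected)


def main():
    server = ["GSSAPI", "DIGEST-MD5", "PLAIN"]
    scenarios = [
        ("no attack", set(), False),
        ("GSSAPI stripped, no TLS", {"GSSAPI"}, False),
        ("all but PLAIN stripped, no TLS", {"GSSAPI", "DIGEST-MD5"}, False),
        ("GSSAPI stripped, but TLS", {"GSSAPI"}, True),
    ]
    for name, stripped, tls in scenarios:
        o = simulate_bind(server, stripped, tls)
        print(f"{name}: used {o.chosen}, detected={o.downgrade_detected}, "
              f"weaker_than_best={o.weaker_than_best}, "
              f"password_exposed={o.password_exposed}")


if __name__ == "__main__":
    main()
```

In the "GSSAPI stripped, no TLS" case the client ends up on DIGEST-MD5, whose security layer protects the second fetch, so the reappearance of GSSAPI is detected; by then the DIGEST-MD5 exchange is already complete. In the "all but PLAIN stripped" case the password has gone over the wire and the second reply is just as stripped as the first, so the re-fetch detects nothing. The check is therefore useful for detection when a layer comes up, not for ensuring the best mechanism was used.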