Re: Revisited: effect of Start TLS on authentication state



Kurt D. Zeilenga writes:
>At 12:38 AM 12/6/2003, Hallvard B Furuseth wrote:
>>> The decision to keep or invalidate the established authentication
>>> and authorization identities in place after TLS closure is a matter
>>> of local server policy.
>>
>>Why?
> 
> The rationale is that servers are allowed, for any reason,
> to invalidate the LDAP association.  It makes no sense to
> say that they cannot do that as a result of TLS closure
> when they could do otherwise.

I don't understand.  Why can't they do it after TLS closure if it isn't
spelled out in the TLS closure section?  Why is not spelling
it out there different from not spelling it out in the Delete operation
section (since Delete can delete the DN which the user was bound as)?

-- 
Hallvard