[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple auth and TLS (Was: authmeth review notes [long])

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: Simple auth and TLS (Was: authmeth review notes [long])
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 09 Mar 2004 10:36:00 -0800
Cc: Michael Ströder <michael@stroeder.com>, ietf-ldapbis@OpenLDAP.org
In-reply-to: <HBF.20040309576@bombur.uio.no>
References: <6.0.1.1.0.20040227070642.04cd3330@127.0.0.1> <40436D07.2090008@stroeder.com> <HBF.20040309576@bombur.uio.no>

At 10:25 AM 3/9/2004, Hallvard B Furuseth wrote:
>Michael Ströder writes:
>>Kurt D. Zeilenga wrote:
>>> 
>>>  LDAP implementations SHOULD support the simple DN/password mechanism
>>>  of the simple Bind method (as detailed in Section X).
>> 
>> s/SHOULD/MUST/
>> 
>>>  Implementations
>>>  which support this mechanism MUST be capable of protecting it by
>>>  establishment (as discussed in Section 3) of TLS. 
>> 
>> s/MUST/SHOULD/
>
>Still wrong.  Together, these changes require implementations that do
>not support TLS, to implement a security hole.

Which security hole you refer to here?

Kurt

Follow-Ups:
- Re: Simple auth and TLS (Was: authmeth review notes [long])
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- Re: authmeth review notes [long]
  - From: Michael Ströder <michael@stroeder.com>
- Simple auth and TLS (Was: authmeth review notes [long])
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Simple auth and TLS (Was: authmeth review notes [long])
Next by Date: Re: Access control vs. caches and gateways
Index(es):
- Chronological
- Thread