I'm not sure why an I-D announcement hasn't been sent out, but draft-ietf-ldapbis-authmeth-12.txt is now posted at
This version of the draft is essentially ready for WG last call. Please review it and give me your comments in the next 1-2 weeks. I expect to post a version ready for WG last call shortly after this period passes based on your feedback.
Changes for draft-ldapbis-authmeth-12

General
- Changed references from Start TLS to StartTLS.
- Removed Appendix B: Example Deployment Scenarios
- Removed Appendix H as all issues listed in the appendix are now resolved.

Section 2
- Added implementation requirement that server implementations that SUPPORT StartTLS MUST support the TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite.

Section 3.1.2
- Added wording clarifying that a client's association is unaffected if a non-success resultCode is returned in the StartTLS response.

Section 9.2
- Final paragraph of this section details requirements for serverSaslCreds field when no challenge value is sent.

Section 10
- Clarified language on uAuthzID usage.

Section 12
- Moved entire section into security considerations. New section number is 12.1.1.
- Reorganized security considerations by topic.
- Added several security considerations based on WG feedback.

Section 13
- Moved section to become section 3.3.

--Roger