I'm not sure why an I-D announcement hasn't been sent out, but
draft-ietf-ldapbis-authmeth-12.txt is now posted at
This version of the draft is essentially ready for WG last call. Please
review it and give me your comments in the next 1-2 weeks. I expect to post a
version ready for WG last call shortly after this period passes based on your
feedback.
Changes for draft-ldapbis-authmeth-12
General
- Changed references from Start TLS to StartTLS.
- Removed Appendix B: Example Deployment Scenarios
- Removed Appendix H as all issues listed in the appendix are now resolved.
Section 2
- Added implementation requirement that server implementations that SUPPORT StartTLS MUST support the TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ciphersuite.
Section 3.1.2
- Added wording clarifying that a client's association is unaffected if a non-success resultCode is returned in the StartTLS response.
Section 9.2
- Final paragraph of this section details requirements for serverSaslCreds field when no challenge value is sent.
Section 10
- Clarified language on uAuthzID usage.
Section 12
- Moved entire section into security considerations. New section number is 12.1.1.
- Reorganized security considerations by topic.
- Added several security considerations based on WG feedback.
Section 13
- Moved section to become section 3.3.
--Roger