
Re: protocol: closing SASL upon Unbind



At 02:44 PM 12/6/2004, Hallvard B Furuseth wrote:
>I wrote:
>>Kurt D. Zeilenga writes:
>>> The SASL mechanism itself may provide a layer closure facility
>>> and, if so, it should be used.
>> 
>> If so, [SASL] should be modified to mention such a facility: The
>> application shouldn't need to know that the particular SASL layer it is
>> using has such a facility; the SASL implementation itself should provide
>> a "close the current layer" function.
>
>Sorry, I meant "close the current layer if necessary", or "attempt to
>close the current layer", or something like that.

If a peer attempts to gracefully close the current layer and fails,
wouldn't the peer then ungracefully close the current layer?

Do we really need to say anything more than "close the SASL layer"?

Or maybe we should say:
        cease exchanges at the LDAP message layer,
        tear down the SASL layer,
        tear down the TLS layer, and
        tear down the transport connection.

Note here that as SASL layer also refers to associations
established through the SASL services, so tear down applies
regardless of whether a SASL data security layer was installed
or not.

We can then say something like:
        Where the installed data security and transport services
        provide for graceful closure, the implementation SHOULD
        attempt graceful closure before resorting to ungraceful
        closure.

Kurt
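
The teardown order and graceful-then-ungraceful fallback proposed in the message above, sketched as an added example that is not part of the original post or of any specification text. `Layer`, `tear_down`, `constructed_session` and the logged event strings are hypothetical names, and the session is constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

class GracefulCloseFailed(Exception):
    """A layer's graceful closure could not be completed."""

@dataclass
class Layer:
    name: str
    graceful: Optional[Callable[[], None]]  # None: no graceful closure facility
    abort: Callable[[], None]               # ungraceful closure; local only

def tear_down(layers: List[Layer]) -> List[Tuple[str, str]]:
    """Close every layer top-down, preferring graceful closure.

    A failure in one layer never stops teardown of the layers below it.
    """
    outcome = []
    for layer in layers:
        how = "ungraceful"
        try:
            if layer.graceful is None:
                raise GracefulCloseFailed("no graceful facility")
            layer.graceful()
            how = "graceful"
        except (GracefulCloseFailed, OSError):
            layer.abort()
        outcome.append((layer.name, how))
    return outcome

def constructed_session(log: List[str], tls_peer_gone: bool) -> List[Layer]:
    """Constructed example stack, ordered as in the message (top first)."""
    def close_notify() -> None:
        if tls_peer_gone:
            raise GracefulCloseFailed("close_notify could not be delivered")
        log.append("tls: close_notify sent")
    return [
        Layer("ldap-message", lambda: log.append("ldap: exchanges ceased"),
              lambda: log.append("ldap: exchanges dropped")),
        # No security layer was installed, but the SASL association is
        # still torn down, as the message notes.
        Layer("sasl", None, lambda: log.append("sasl: association discarded")),
        Layer("tls", close_notify, lambda: log.append("tls: state discarded")),
        Layer("transport", lambda: log.append("tcp: orderly close"),
              lambda: log.append("tcp: reset")),
    ]

if __name__ == "__main__":
    events: List[str] = []
    print(tear_down(constructed_session(events, tls_peer_gone=True)), events)
```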