
Re: protocol: closing SASL upon Unbind



>>   cease exchanges at the LDAP message layer, tear down any SASL and TLS
>>   layers as appropriate, and tear down the transport connection.

I would be fine with:
     cease exchanges at the LDAP message layer, tear down any SASL
     layer, tear down any TLS layer, and close the transport
     connection.

This has the same basic level of vagueness as your suggestion.

My suggestion differs slightly for a couple of subtle reasons.
I dislike the phrase "SASL and TLS layers" as it is unclear whether
this is semantically equivalent to "SASL layer and TLS layer".  That
is, I would rather avoid using variants of our defined terms.

I removed "as appropriate" as it is extraneous and makes the
sentence harder to read.  The "any" makes it reasonably clear
that no tear-down work may be needed where SASL is not in
use and/or no SASL security layer is in place.

I prefer "close" over "tear down" for the transport connection
as "close" is the more common terminology here.

At 08:43 AM 12/7/2004, Hallvard B Furuseth wrote:
>Kurt D. Zeilenga writes:
>>At 08:01 AM 12/7/2004, Hallvard B Furuseth wrote:
>>> SASL also doesn't say in which order SASL and TLS layers must be
>>> removed.  Is there any reason LDAP needs to specify this?
>>
>> LDAP specifies that SASL is layered above TLS.  During graceful
>> closure, one shouldn't tear down a lower layer until the layers
>> above it have been torn down.
>
>Well, it seems like the obvious thing to do if SASL did define graceful
>closure of a layer.

Though this might be moot now, I note:

The SASL framework does not and likely will not define how to do
graceful closure; however, a mechanism can define, as part of its
data security layer, a graceful closure facility.  This can even
be associated with another "kind of security service", which
the SASL I-D explicitly states mechanisms may offer.

Kurt