
Protocol: Controls & multi-message operations



Maybe something like this should be added to [Protocol] section 4.1.11
(Controls) or 6 (Security Considerations):

  The Bind requests in a multi-step SASL Bind can have different
  sets of controls.  So can multiple LDAP messages returned in
  response to a single LDAP request.  Such control combinations
  over multiple LDAPMessages may be inconsistent.  Protocol peers
  may need to verify that they make sense instead of just trusting
  the controls of some of the received LDAPMessages.

At least I imagine one could attack a sloppy server or client by
sending such inconsistent control combinations, though I can't
come up with a concrete example at the moment.

-- 
Hallvard
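
The check suggested in the message above, sketched for the multi-step SASL Bind case only. This is an added example, not part of the original message or of any LDAP implementation. The policy (every Bind step must carry the same controls with the same criticality and value), the `Control` type and the function name are assumptions, and the sample OIDs and values are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Control:
    oid: str
    critical: bool = False
    value: Optional[bytes] = None


def check_bind_controls(steps):
    """Compare the controls of each later Bind step with the first step.

    steps: one list of Control per BindRequest of a single multi-step
    SASL bind. Returns findings; an empty list means all steps agree.
    Assumed policy: same OIDs, criticality and values on every step.
    """
    findings = []
    if not steps:
        return findings
    baseline = {c.oid: c for c in steps[0]}
    for n, controls in enumerate(steps[1:], start=2):
        seen = {c.oid: c for c in controls}
        for oid in sorted(baseline.keys() - seen.keys()):
            findings.append(f"step {n}: control {oid} dropped")
        for oid in sorted(seen.keys() - baseline.keys()):
            findings.append(f"step {n}: control {oid} added")
        for oid in sorted(baseline.keys() & seen.keys()):
            if baseline[oid].critical != seen[oid].critical:
                findings.append(f"step {n}: control {oid} criticality changed")
            if baseline[oid].value != seen[oid].value:
                findings.append(f"step {n}: control {oid} value changed")
    return findings


# Constructed sample: OIDs under the 2.999 example arc, values made up.
SAMPLE_BIND = [
    [Control("2.999.1", critical=True, value=b"policy=A")],
    [Control("2.999.1", critical=False, value=b"policy=A"),
     Control("2.999.2", value=b"extra")],
]

if __name__ == "__main__":
    for finding in check_bind_controls(SAMPLE_BIND):
        print(finding)
```

A server applying this policy would fail the bind on any finding instead of acting on the controls of only one of the steps.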