Protocol: Controls & multi-message operations
Maybe something like this should be added to [Protocol] section 4.1.11
(Controls) or 6 (Security Considerations):

The Bind requests in a multi-step SASL Bind can have different
sets of controls. So can multiple LDAP messages returned in
response to a single LDAP request. Such control combinations
over multiple LDAPMessages may be inconsistent. Protocol peers
may need to verify that they make sense instead of just trusting
the controls of some of the received LDAPMessages.

At least I imagine one could attack a sloppy server or client by
sending such inconsistent control combinations, though I can't
come up with a concrete example at the moment.
--
Hallvard
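
The verification suggested in the message above, as an added example that is not part of the original post or of any LDAP implementation: a receiver compares the controls on every LDAPMessage of one operation against the first message instead of trusting any single message. The `Control` class, the `check_operation` function, the "later messages must match the first" policy and the `2.999.x` OIDs are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Control:
    oid: str              # controlType
    critical: bool = False
    value: bytes = b""    # controlValue, treated as opaque here

def index_controls(controls, msg_no, findings):
    """Map OID -> Control for one LDAPMessage, flagging duplicate OIDs."""
    seen = {}
    for c in controls:
        if c.oid in seen:
            findings.append((msg_no, c.oid, "duplicate"))
        else:
            seen[c.oid] = c
    return seen

def check_operation(messages):
    """messages: per-LDAPMessage control lists for one operation, in order.
    Returns (message_index, oid, problem) tuples; empty means consistent."""
    findings = []
    if not messages:
        return findings
    # Assumed policy: the first message sets the baseline for the operation.
    baseline = index_controls(messages[0], 0, findings)
    for n, controls in enumerate(messages[1:], start=1):
        current = index_controls(controls, n, findings)
        for oid in sorted(baseline.keys() - current.keys()):
            findings.append((n, oid, "dropped"))
        for oid in sorted(current.keys() - baseline.keys()):
            findings.append((n, oid, "introduced"))
        for oid in sorted(baseline.keys() & current.keys()):
            if current[oid].critical != baseline[oid].critical:
                findings.append((n, oid, "criticality changed"))
            if current[oid].value != baseline[oid].value:
                findings.append((n, oid, "value changed"))
    return findings

# Constructed sample data: OIDs from the 2.999 example arc, not real controls.
A, B = "2.999.1", "2.999.2"
STEADY_BIND = [[Control(A, True, b"x")], [Control(A, True, b"x")]]
MIXED_BIND = [
    [Control(A, True, b"x")],                 # step 1 of the SASL Bind
    [Control(A, False, b"y"), Control(B)],    # step 2 alters A and adds B
    [],                                       # step 3 carries no controls
]

if __name__ == "__main__":
    for finding in check_operation(MIXED_BIND):
        print(finding)
```

Whether a given difference is an error depends on the control; a real peer would apply a per-control rule rather than the single strict policy assumed here.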