
Re: Protocol: Controls & multi-message operations



At 07:39 AM 2/23/2005, Hallvard B Furuseth wrote:
>Maybe something like this should be to [Protocol] section 4.1.11
>(Controls) or 6 (Security Considerations):
>  The Bind requests in a multi-step SASL Bind can have different
>  sets of controls.  So can multiple LDAP messages returned in
>  response to a single LDAP request.  Such control combinations
>  over multiple LDAPMessages may be inconsistent.  Protocol peers
>  may need to verify that they make sense instead of just trusting
>  the controls of some of the received LDAPMessages.
>
>At least I imagine one could attack a sloppy server or client by
>sending such inconsistent control combinations, though I can't
>come up with a concrete example at the moment.

I fail to see a security consideration here, or are you
just saying that a client or server might send malformed
messages to a peer to attack it?  If so, I don't see why
we should single out malformed combinations of controls
as an example of such an attack, considering neither you nor I
have a concrete example of such an attack.

Kurt
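As an added illustration, not part of this thread, of the kind of cross-message check Hallvard's proposed text alludes to: a small Python routine that gathers the controls attached to each LDAPMessage of one multi-message operation (here a two-step SASL Bind) and reports controls whose presence or criticality differs between steps. What counts as "inconsistent" is an assumption made here, since the thread does not define it, and the control OIDs in the sample are constructed placeholders.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Control:
    """One LDAP control: controlType OID plus its criticality flag."""
    control_type: str
    criticality: bool = False


@dataclass
class LDAPMessage:
    """Minimal model of an LDAPMessage: id, operation name, attached controls."""
    message_id: int
    op: str
    controls: frozenset = field(default_factory=frozenset)


def control_inconsistencies(messages):
    """Return findings for controls that appear on some messages of a
    multi-message operation but not others, or whose criticality changes
    between messages. An empty list means the control sets agree."""
    findings = []
    seen = {}  # control_type -> {criticality -> set of message ids}
    for m in messages:
        for c in m.controls:
            seen.setdefault(c.control_type, {}) \
                .setdefault(c.criticality, set()).add(m.message_id)
    all_ids = {m.message_id for m in messages}
    for oid, by_crit in sorted(seen.items()):
        present = set().union(*by_crit.values())
        missing = all_ids - present
        if missing:
            findings.append(f"{oid} absent from message(s) {sorted(missing)}")
        if len(by_crit) > 1:
            findings.append(f"{oid} criticality differs across messages")
    return findings


# Constructed sample: two BindRequests of one multi-step SASL Bind whose
# control sets disagree. The OIDs are placeholders, not real control types.
INCONSISTENT_BIND = [
    LDAPMessage(1, "BindRequest", frozenset({Control("1.3.6.1.4.1.99999.1", True)})),
    LDAPMessage(2, "BindRequest", frozenset({Control("1.3.6.1.4.1.99999.1", False),
                                             Control("1.3.6.1.4.1.99999.2", True)})),
]

# Constructed sample: the same two-step Bind with matching controls on both steps.
CONSISTENT_BIND = [
    LDAPMessage(1, "BindRequest", frozenset({Control("1.3.6.1.4.1.99999.1", True)})),
    LDAPMessage(2, "BindRequest", frozenset({Control("1.3.6.1.4.1.99999.1", True)})),
]
```

A peer that applies such a check can reject or log the operation instead of acting on whichever step's controls it happened to read last.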