Re: Protocol: Controls & multi-message operations
At 07:39 AM 2/23/2005, Hallvard B Furuseth wrote:
>Maybe something like this should be added to [Protocol] section 4.1.11
>(Controls) or 6 (Security Considerations):
> The Bind requests in a multi-step SASL Bind can have different
> sets of controls. So can multiple LDAP messages returned in
> response to a single LDAP request. Such control combinations
> over multiple LDAPMessages may be inconsistent. Protocol peers
> may need to verify that they make sense instead of just trusting
> the controls of some of the received LDAPMessages.
>
>At least I imagine one could attack a sloppy server or client by
>sending such inconsistent control combinations, though I can't
>come up with a concrete example at the moment.
I fail to see a security consideration here, or are you
just saying that a client or server might send malformed
messages to a peer to attack it? If so, I don't see why
we should single out malformed combinations of controls
as an example of such an attack, considering that neither you
nor I have a concrete example of such an attack.
Kurt
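The check Hallvard describes above, as an added example that is not part of the thread and not code from any LDAP implementation: collect the controls carried by every LDAPMessage that belongs to one logical operation (the BindRequests of a multi-step SASL bind, or the SearchResultEntry/SearchResultDone messages answering one SearchRequest) and report where they disagree, rather than trusting the controls of whichever message happened to be parsed first. The OID 1.3.6.1.4.1.99999.1, the sample messages and the rejection policy in controls_for_operation are this example's own assumptions, not rules from RFC 4511 or the draft under discussion.

```python
"""Added example: consistency check for LDAP controls across the several
LDAPMessages of one logical operation. Assumptions (not from the thread):
the caller has already grouped the messages of one operation; the OID
1.3.6.1.4.1.99999.1 is a placeholder for an arbitrary control; the
rejection policy below is this example's choice, not a protocol rule.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Control:
    """Mirrors Control ::= SEQUENCE { controlType, criticality, controlValue }."""
    control_type: str                  # LDAPOID in dotted-decimal form
    criticality: bool = False          # DEFAULT FALSE in RFC 4511
    control_value: Optional[bytes] = None


@dataclass(frozen=True)
class LDAPMessage:
    message_id: int
    protocol_op: str                   # e.g. "bindRequest", "searchResEntry"
    controls: Tuple[Control, ...] = ()


def check_control_consistency(op_messages: List[LDAPMessage]) -> List[Tuple[str, str]]:
    """Compare the control sets of all messages of one operation.

    Returns (controlType, description) findings; an empty list means every
    control type appears once on every message with the same criticality
    and the same value.
    """
    findings: List[Tuple[str, str]] = []
    types = sorted({c.control_type for m in op_messages for c in m.controls})
    for oid in types:
        present: List[Control] = []
        for m in op_messages:
            matches = [c for c in m.controls if c.control_type == oid]
            if len(matches) > 1:
                findings.append((oid, f"repeated {len(matches)} times on msg "
                                      f"{m.message_id} ({m.protocol_op})"))
            if matches:
                present.append(matches[0])
        if len(present) != len(op_messages):
            findings.append((oid, f"present on {len(present)} of {len(op_messages)} messages"))
        if len({c.criticality for c in present}) > 1:
            findings.append((oid, "criticality differs between messages"))
        if len({c.control_value for c in present}) > 1:
            findings.append((oid, "value differs between messages"))
    return findings


def controls_for_operation(op_messages: List[LDAPMessage]) -> Tuple[Control, ...]:
    """Decide which controls govern the whole operation.

    Policy chosen for this example: an inconsistency involving a control that
    is marked critical on any message rejects the operation (ValueError);
    otherwise the controls of the final message are used and the findings
    are left to the caller to log.
    """
    critical = {c.control_type for m in op_messages for c in m.controls if c.criticality}
    bad = [(oid, why) for oid, why in check_control_consistency(op_messages) if oid in critical]
    if bad:
        raise ValueError("inconsistent critical controls: " + "; ".join(f"{o}: {w}" for o, w in bad))
    return op_messages[-1].controls if op_messages else ()


# Constructed sample data (hypothetical OID): a two-step SASL bind whose second
# step drops the criticality of the same control, and a three-message search
# response that carries a control on the final message only.
CTRL_OID = "1.3.6.1.4.1.99999.1"
SASL_BIND = [
    LDAPMessage(1, "bindRequest", (Control(CTRL_OID, True, b"v1"),)),
    LDAPMessage(2, "bindRequest", (Control(CTRL_OID, False, b"v1"),)),
]
SEARCH_RESPONSE = [
    LDAPMessage(3, "searchResEntry"),
    LDAPMessage(3, "searchResEntry"),
    LDAPMessage(3, "searchResDone", (Control(CTRL_OID, False, b"cookie"),)),
]

if __name__ == "__main__":
    for name, msgs in (("SASL bind", SASL_BIND), ("search response", SEARCH_RESPONSE)):
        print(name)
        for oid, why in check_control_consistency(msgs):
            print("  finding:", oid, why)
        try:
            print("  effective controls:", controls_for_operation(msgs))
        except ValueError as err:
            print("  rejected:", err)
```

The check only reports; it does not know which controls are legitimately allowed to appear on a single message of a multi-message response (a response control returned only on the final SearchResultDone will show up as "present on 1 of N messages"), so the caller applies it with knowledge of each control's semantics. The point, as in the quoted proposal, is that the decision is made over the whole operation rather than by trusting whichever message's controls a sloppy implementation happened to look at.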