Re: authmeth-14 notes



RL 'Bob' Morgan writes:
>On Sun, 6 Mar 2005, Hallvard B Furuseth wrote:
>>> 3.1.6. Server Identity Check
>>
>>>   Matching is performed according to these rules:
>>
>> Can someone remind me why this is specified here instead of in [TLS]?
>> It doesn't look LDAP-specific.  I can't find the answer in the archive.
>
> TLS regards this as application-specific, and indeed applications do vary.
> TLS for SMTP says almost nothing about server name checking, for example.

Thanks.

> (...)  A generic "Application Protocol Use of TLS" doc might
> include other stuff too like recommending a STARTTLS command instead of
> separate-port, effects of mid-stream TLS state changes on app protocol
> state, insecure cipher suite warnings, etc.  I suspect at this point we
> don't want to rip all this stuff out of authmeth, write a new doc, confer
> with other WGs (IMAP, SMTP, BEEP, etc) for agreement, etc.  Could well be
> the right approach for the next iteration after this one, though.

Sounds right.

-- 
Hallvard