
[Protocol] clarification on StartTLS response (WAS: authmeth-15 notes)



> > 3.1.2. StartTLS Response
> >
> >    The server will return a resultCode other than success (as
> >    documented in [Protocol] section 4.13.2.2) if it is unwilling or
> >    unable to negotiate TLS. In this case the LDAP session is left
> >    without a TLS layer.
>
> This only says what happens at non-success, not at success.
> [Protocol] is rather sparse about it too.

Based on Hallvard's query above, Jim Sermersheim and I recommend a change to paragraph 2 of [Protocol] section 14.4.2 to explicitly state that a success resultCode indicates that the protocol peers should begin TLS negotiation. I'll leave it to Jim to craft the wording.

Thanks,

Roger
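The response handling discussed in this thread, as an added example that is not part of the original message or of the [Protocol] draft: a minimal BER encoder/decoder for the StartTLS extended operation in which the client begins TLS only when the ExtendedResponse carries a success resultCode. The OID is the standard StartTLS OID (1.3.6.1.4.1.1466.20037); the function names, the constructed sample messages, and the policy of aborting rather than continuing in cleartext on a non-success code are assumptions made for this example.

```python
# Added example, not from the thread: minimal BER encode/decode for the LDAP
# StartTLS extended operation. The client begins TLS only on resultCode
# success (0); any other code leaves the session without a TLS layer, and this
# example's (assumed) policy is to abort rather than continue in cleartext.
# Function names and sample messages are constructed; short-form BER lengths
# only (messages under 128 bytes), messageID below 128.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
SUCCESS = 0

def _tlv(tag: int, body: bytes) -> bytes:
    """Encode one BER TLV with a short-form length."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def _parse_tlv(buf: bytes, off: int) -> tuple[int, bytes, int]:
    """Return (tag, body, next_offset) for the TLV starting at buf[off]."""
    tag, length = buf[off], buf[off + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled in this example")
    start = off + 2
    return tag, buf[start:start + length], start + length

def build_starttls_request(msg_id: int) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }."""
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + ext_req)

def parse_starttls_response(msg: bytes) -> tuple[int, int, str]:
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, body, _ = _parse_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, id_bytes, off = _parse_tlv(body, 0)
    tag, resp, _ = _parse_tlv(body, off)
    if tag != 0x78:  # [APPLICATION 24] ExtendedResponse
        raise ValueError("protocolOp is not an ExtendedResponse")
    _, rc, off = _parse_tlv(resp, 0)      # resultCode ENUMERATED
    _, _, off = _parse_tlv(resp, off)     # matchedDN, not needed here
    _, diag, _ = _parse_tlv(resp, off)    # diagnosticMessage
    return int.from_bytes(id_bytes, "big"), int.from_bytes(rc, "big"), diag.decode()

def decide_after_starttls(msg: bytes) -> str:
    """'begin_tls' only on success; otherwise 'abort' (do not continue in cleartext)."""
    return "begin_tls" if parse_starttls_response(msg)[1] == SUCCESS else "abort"

def sample_response(msg_id: int, rc: int, diag: bytes = b"") -> bytes:
    """Constructed server ExtendedResponse, e.g. rc 0 (success) or 53 (unwillingToPerform)."""
    result = _tlv(0x0A, bytes([rc])) + _tlv(0x04, b"") + _tlv(0x04, diag)
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x78, result))
```

After `begin_tls` the caller would wrap the same socket in TLS (for example with `ssl.SSLContext.wrap_socket`) before sending any further LDAP messages.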