Yeah, I guess the way I put it would have the server sprouting legs and walking home.|
>>> "Ramsay, Ron" <Ron.Ramsay@ca.com> 10/18/05 7:27:33 pm >>>
Just a point on the grammar, "it returns" *what* "with the result code set to success." The sentence needs an object.
From: owner-ietf-ldapbis@OpenLDAP.org [mailto:owner-ietf-ldapbis@OpenLDAP.org] On Behalf Of Jim Sermersheim
Sent: Wednesday, 19 October 2005 8:33 AM
To: Roger Harrison; ietf-ldapbis@OpenLDAP.org; Hallvard Furuseth
Subject: Re: [Protocol] clarification on StartTLS resonse (WAS:authmeth-15notes)
My proposed change to [Protocol] Section 4.14.2 is this:
If the server is willing and able to negotiate TLS, it returns with the resultCode set to success. Refer to Section 4 of [AuthMeth] for details.
If the server is willing and able to negotiate TLS, it returns with the resultCode set to success. At this point the protocol peers may commence with TLS negotiation. Refer to Section 4 of [AuthMeth] for details.
>>> "Roger Harrison" <RHARRISON@novell.com> 9/26/05 1:08:52 pm >>>
> > 3.1.2. StartTLS Response
> > The server will return a resultCode other than success (as
> > documented in [Protocol] section 126.96.36.199) if it is unwilling or
> > unable to negotiate TLS. In this case the LDAP session is left
> > without a TLS layer.
> This only says what happens at non-success, not at success.
> [Protocol] is rather sparse about it too.
Based on Hallvard's query above, Jim Sermersheim and I recommend a change to paragraph 2 of [Protocol] section 14.4.2 to explicitly state that a success resultCode indicates that the protocol peers should begin TLS negotiation. I'll leave it to Jim to craft the wording.