I agree with Hallvard on this one. Jim, can you add the sentence, "In this case the LDAP session is left without a TLS layer," at the end of section 4.14.2?

>>> Hallvard B Furuseth <firstname.lastname@example.org> 10/19/05 11:12 pm >>>
Since Roger said protocol-like issues were moved back to [Protocol], I
suggest the last sentence in Authmeth-16 3.1.2 is moved to [Protocol]
"Authmeth-16 3.1.2. StartTLS Response
The server will return a resultCode other than success (as
documented in [Protocol] section 4.14.2) if it is unwilling or
unable to negotiate TLS. In this case the LDAP session is left
without a TLS layer."
Then Authmeth does not need to mention non-success StartTLS at all; it
can just say that the rest of the section is about TLS issues after a