
authmeth-17 notes



Sorry to be so late...

>3.1.2. Client Certificate
>   If a client that has provided a suitable certificate subsequently
>   performs a Bind operation using the SASL EXTERNAL authentication
>   mechanism (section 5.2.1), information in the certificate may
>   be used by the server to identify and authenticate the client.

Why was "may subsequently be used" changed to "may be used" here?

>3.1.3.1. Comparison of DNS Names
>   That is, the subject
>   *.example.com matches the server names a.example.com and
>   b.example.com but not the server name example.com.

This example lost one case since authmeth-16.  I suggest:

>   That is, the subject
>   *.example.com matches the server name a.example.com, but not
>   the server names example.com and b.a.example.com.

More of the TLS vs anonymous discussion follows.

-- 
Hallvard
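
Added example (not part of the original message or of the draft): a Python sketch of the wildcard comparison discussed under 3.1.3.1, covering the cases named in both wordings of the example. The function name, the case-insensitive comparison, and the rejection of "*" anywhere other than as the whole left-most label are assumptions of this example.

```python
def dns_name_matches(cert_name: str, server_name: str) -> bool:
    """Return True if a certificate DNS name matches the server name.

    Hypothetical helper. Assumptions: names are compared label by label,
    ignoring ASCII case; '*' is honoured only as the entire left-most
    label and stands for exactly one label.
    """
    cert_labels = cert_name.rstrip(".").lower().split(".")
    host_labels = server_name.rstrip(".").lower().split(".")

    # Empty labels ("a..com", "") are malformed: never match them.
    if any(not label for label in cert_labels + host_labels):
        return False

    # '*' covers exactly one label, so the label counts must be equal.
    # This is what rejects both example.com and b.a.example.com.
    if len(cert_labels) != len(host_labels):
        return False

    first, rest = cert_labels[0], cert_labels[1:]

    # A wildcard outside the left-most label is not accepted.
    if any("*" in label for label in rest):
        return False

    if first == "*":
        # A bare "*" with no parent domain would match any single-label host.
        return bool(rest) and rest == host_labels[1:]

    # Partial wildcards such as "a*.example.com" are not accepted here.
    if "*" in first:
        return False

    return cert_labels == host_labels


# Constructed cases, taken from the two wordings of the draft's example.
CASES = [
    ("*.example.com", "a.example.com", True),
    ("*.example.com", "b.example.com", True),
    ("*.example.com", "example.com", False),
    ("*.example.com", "b.a.example.com", False),
]

if __name__ == "__main__":
    for cert_name, host, expected in CASES:
        result = dns_name_matches(cert_name, host)
        print(f"{cert_name!r} vs {host!r}: {result} (expected {expected})")
```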