authmeth - StartTLS security consideration



In respect to the following text:
  Clients SHOULD by default either warn the user when the security
  level achieved does not provide an acceptable level of data
  confidentiality and/or data integrity protection, or be configured
  to refuse to proceed without an acceptable level of security.

the IESG basically asked "under what circumstances would it
be acceptable for a client, by default, to proceed without
any warning with an unacceptable level of security", if none,
the SHOULD ought to be a MUST.

Though I noted that one such circumstance is where it is possible,
through subsequent protocol exchanges (e.g., SASL), to achieve an
acceptable level of security.  However, I didn't see the MUST
precluding this.

I personally have no problem with keeping this a SHOULD if someone
can come up with acceptable text that provides a reasonable
circumstance where not following the recommendation would be
appropriate.

I also noted that the second half of this text appears to place
a SHOULD upon the user (or admin) and not the implementor.
The RFC 2830 text:
   Clients SHOULD either warn the user when the security level achieved
   does not provide confidentiality and/or integrity protection, or be
   configurable to refuse to proceed without an acceptable level of
   security.
is better in this regard.  I believe it was rewritten to imply
that the default configuration should be to 'refuse to proceed'
or 'warn'.

Considering all of the above, the following replacement text
is offered for WG consideration.

  Clients MUST by default either warn the user when the
  security level achieved does not provide an acceptable
  level of data confidentiality and/or data integrity
  protection, or refuse to proceed without an acceptable
  level of security.  This requirement is not intended
  to preclude a client from attempting to achieve an
  acceptable level of security via other means (e.g.,
  SASL), or combination of means.

Please provide comment as soon as possible so appropriate
direction can be provided to the Editor by week's end.