[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDAP extension draft for GSSAPI protection of session data

To: Jonathan Trostle <jtrostle@cisco.com>, Chris.Newman@INNOSOFT.COM
Subject: RE: LDAP extension draft for GSSAPI protection of session data
From: Bruce Greenblatt <Bgreenblatt@rsa.com>
Date: Fri, 31 Jul 1998 13:58:17 -0700
Cc: ietf-ldapext@netscape.com
Resent-date: Fri, 31 Jul 1998 13:56:36 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"TEeSS3.0.sH3.2-Ymr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Jonathan,

Is it your expectation that there will be numerous changes during the LDAP
"session" of the GSSAPI parameters?  I'd have thought that once the
encryption parameters were set up, then they'd stay the same for the life of
the session.  If this is the case a multi-stage Bind using SASL seems likely
to accomplish almost all of what you're trying to do.  

Bruce

> -----Original Message-----
> From:	Jonathan Trostle [SMTP:jtrostle@cisco.com]
> Sent:	Friday, July 31, 1998 12:06 PM
> To:	jtrostle@cisco.com; Chris.Newman@INNOSOFT.COM
> Cc:	ietf-ldapext@netscape.com
> Subject:	Re: LDAP extension draft for GSSAPI protection of session
> data
> 
> Right. Except these spec.'s do not specify how GSSAPI Wrap tokens are to
> be 
> carried within the LDAP protocol to secure the LDAP session data. In other
> 
> words, they specify only how initial authentication is to occur for LDAP
> using 
> GSSAPI. 
> 
> Jonathan 
> 
> > X-SMAP-Received-From: outside
> > Resent-Date: Thu, 30 Jul 1998 08:44:20 -0700 (PDT)
> > Date: Thu, 30 Jul 1998 08:44:17 -0700 (PDT)
> > From: Chris Newman <Chris.Newman@INNOSOFT.COM>
> > Subject: Re: LDAP extension draft for GSSAPI protection of session data
> > To: Jonathan Trostle <jtrostle@cisco.com>
> > Cc: ietf-ldapext@netscape.com
> > MIME-version: 1.0
> > Originator-Info: login-id=chris; server=THOR.INNOSOFT.COM
> > Resent-Message-ID: <"kLjpD.0.Vh2.FJ9mr"@glacier>
> > Resent-From: ietf-ldapext@netscape.com
> > X-Mailing-List: <ietf-ldapext@netscape.com> archive/latest/567
> > X-Loop: ietf-ldapext@netscape.com
> > Resent-Sender: ietf-ldapext-request@netscape.com
> > 
> > On Wed, 29 Jul 1998, Jonathan Trostle wrote:
> > > I did not think that spec. included how the wrapped tokens should be
> > > transmitted in the LDAP protocol.
> > 
> > RFC 2251 section 4.2.2. 3rd paragraph says when a SASL security layer
> > starts in LDAP, and RFC 2222 specifies how a SASL security layer is
> > formed, and how GSS API is used to negotiate and form a security layer.
> > 
> > 		- Chris
> >

Prev by Date: Re: LDAP extension draft for GSSAPI protection of session data
Next by Date: RE: LDAP extension draft for GSSAPI protection of session data
Index(es):
- Chronological
- Thread