RE: LDAP extension draft for GSSAPI protection of session data
On Tue, 4 Aug 1998, Jonathan Trostle wrote:
> Thanks for your efforts, but I do not see where SASL specifies how the data
> stream (following initial authentication) tokens are exchanged. Are you saying
> that the bare unencapsulated GSS Wrap tokens are sent on the wire?
They are encapsulated in a SASL security layer as specified in the last
paragraph of section 3 of RFC 2222.
A SASL security layer is a series of "cipher text blocks", each with a
4-octet length prefix in big-endian byte order.
When the GSSAPI mechanism is used, the cipher text blocks are formed from
GSS_Wrap() tokens.
- Chris
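
The framing described in the reply above, as an added example that is not part of the original thread: a sender-side `frame()` and an incremental receiver that splits a byte stream back into cipher text blocks. The names `frame`, `Deframer`, `FrameError` and the `max_block` receive limit are assumptions of this example, and the token bytes are constructed placeholders, not real GSS_Wrap() output.

```python
import struct

class FrameError(ValueError):
    """Raised when a length prefix exceeds the receiver's limit."""

def frame(block: bytes) -> bytes:
    """Prefix one cipher text block with its 4-octet big-endian length."""
    return struct.pack(">I", len(block)) + block

class Deframer:
    """Incrementally splits a received byte stream into cipher text blocks."""

    def __init__(self, max_block: int = 65536):  # limit is an assumption of this example
        self.max_block = max_block
        self._buf = bytearray()

    def feed(self, data: bytes) -> list:
        """Add received bytes; return every block completed so far."""
        self._buf += data
        blocks = []
        while len(self._buf) >= 4:
            (length,) = struct.unpack_from(">I", self._buf, 0)
            if length > self.max_block:
                # The prefix sits outside the wrapped token, so it is read
                # before any integrity check; refuse to buffer oversize blocks.
                raise FrameError(f"block of {length} octets exceeds {self.max_block}")
            if len(self._buf) < 4 + length:
                break  # block incomplete, wait for more data
            blocks.append(bytes(self._buf[4:4 + length]))
            del self._buf[:4 + length]
        return blocks

    def pending(self) -> int:
        """Octets buffered that do not yet form a complete block."""
        return len(self._buf)

def demo() -> bool:
    # Constructed placeholder bytes standing in for GSS_Wrap() output tokens.
    tokens = [b"constructed-token-1", b"", b"constructed-token-3" * 10]
    wire = b"".join(frame(t) for t in tokens)
    d = Deframer()
    out = []
    for i in range(0, len(wire), 7):  # deliver in small chunks, as a socket might
        out += d.feed(wire[i:i + 7])
    return out == tokens and d.pending() == 0
```

Each block returned by `feed()` is what would then be handed to GSS_Unwrap(); the deframer itself never interprets the token contents.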