RE: draft minutes from Chicago meeting
> -----Original Message-----
> From: Phil Pinkerton [mailto:phil%jade@wg.icl.co.uk]
> Sent: Friday, October 02, 1998 6:35 AM
> To: ietf-ldapext@netscape.com; Erik Skovgaard
> Subject: Re: draft minutes from Chicago meeting
>
> . If
> you are proposing TLS client authentication using
> certificates to validate a
> client then I can see how this would work and get around your
> distribution
> issues, but this is heavy to mandate when 90% (my guess) of the LDAP
> directory deployments out there are probably single-server.
Maybe they only have one LDAP server, but they also have mail, web, FTP,
news, and other servers. That's why it's important to use a mechanism that
supports all those protocols, and that allows a third-party authentication
service, so each application server doesn't have to be configured with its
own copy of the authentication database -- a truly bad thing from a security
standpoint.
Paul