
RE: draft minutes from Chicago meeting




> -----Original Message-----
> From: Phil Pinkerton [mailto:phil%jade@wg.icl.co.uk]
> Sent: Friday, October 02, 1998 6:35 AM
> To: ietf-ldapext@netscape.com; Erik Skovgaard
> Subject: Re: draft minutes from Chicago meeting
> 
.  If
> you are proposing TLS client authentication using 
> certificates to validate a
> client then I can see how this would work and get around your 
> distribution
> issues, but this is heavy to mandate when 90% (my guess) of the LDAP
> directory deployments out there are probably single-server.

Maybe they only have one LDAP server, but they also have mail, web, FTP,
news, and other servers. That's why it's important to use a mechanism that
supports all those protocols, and that allows a third-party authentication
service, so each application server doesn't have to be configured with its
own copy of the authentication database -- a truly bad thing from a security
standpoint.

Paul