
RE: LDAPDN and AuthMeth/DIGEST-MD5





> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.Org]
> Sent: Thursday, November 18, 1999 7:01 PM
>
> I recommend that the new bind method (non-SASL) be
> drafted which adapts the algorithm suggested DIGEST-MD5
> to support LDAP DN authorization identities.

I strenuously object to any LDAP-specific authentication protocol being required.

There are dozens of application protocols -- if they all took this approach, it would be in practice impossible to get all of their specific authentication mechanisms correct.

The correct approach to security is to put all your eggs in one basket (or at worst a few baskets) and then guard the baskets very carefully.

Paul