> -----Original Message-----
> From: Harald Tveit Alvestrand [mailto:Harald@Alvestrand.no]
> Sent: Saturday, November 20, 1999 7:34 PM
> I think this is stretching the IESG position a bit.
> The IESG policy is intended to insist that standards-implementing products
> must make it *possible* for protocols to implement sane security.
> It's been hashed out very many times that it's impossible to require that
> they *use* that security.
> I think the LDAP API would definitely be rejected for
> standards-track if it
> did not offer API functions to use adequate security mechanisms.
>
> But this does not imply that the API should be a policy
> enforcement point.
I wasn't trying to say that it had to be a policy enforcement point just because of the IESG requirement that security be dealt with in standards.
I do believe that security considerations relevant to LDAP mandate that the LDAP API be _able_ to be enforce certain policies related to those security considerations.
Most particularly, IIRC, the continued use of plaintext passwords as an authentication mechanism was the proximate cause of the IESG mandate to have security considerations in new standards.
In that light, I think that my proposal to require implementations of the LDAP API to be configured to not send plaintext passwords is fairly modest. The proposal did not say that they have to enforce that policy -- it just says they have to be configurable to enforce that policy. I.e., w.r.t. your comments, it does not require that they use the security, only that users concerned with security have the tools to get it.
Paul