[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: AuthMeth issue summary

To: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>
Subject: RE: AuthMeth issue summary
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Fri, 10 Dec 1999 15:10:54 -0800
Cc: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.Org>, Mark Wahl <M.Wahl@INNOSOFT.COM>, ietf-ldapext@netscape.com
In-reply-to: <19398D273324D3118A2B0008C7E9A569051BEB9D@SIT.platinum.corp.microsoft.com>
Resent-date: Fri, 10 Dec 1999 15:17:05 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"Q06nXB.A.vfG.mnYU4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

At 02:45 PM 12/10/99 -0800, Paul Leach (Exchange) wrote: 
>We are in complete agreement on the last point, and in fact on all the previous >ones you mentioned, _except_ for the claim that this is a deficiency of >SASL/Digest, or even the province of SASL to specify.

I concur that this is NOT a deficiency of SASL/Digest.  I did not
mean to imply such.

I meant only to clarify that LDAP use of of SASL/Digest as defined by
AuthMeth does not provide the LDAP community with a mechanism for
authenticating users identified by LDAP DNs.

The deficiency, in my opinion, is that AuthMeth fails to provide
a mechanism to authenticate users identified by an LDAP DN.

The deficiency, on the other hand, could be my view that this issue
is within the scope of the AuthMeth draft.  If it's not, I strongly
recommend that a statement be added to AuthMeth draft that states
that it does not specify a secure mechanism for authenticating
users identified by LDAP DNs.

	Kurt

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

References:
- RE: AuthMeth issue summary
  - From: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>

Prev by Date: RE: AuthMeth issue summary
Next by Date: RE: AuthMeth issue summary
Index(es):
- Chronological
- Thread