[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authz/Authc state upon start TLS

To: IETF LDAP Extensions WG <ietf-ldapext@netscape.com>
Subject: Re: Authz/Authc state upon start TLS
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Mon, 13 Dec 1999 08:51:09 -0800
In-reply-to: <385494B9.3A90B24B@oblix.com>
References: <s833d54e.096@prv-mail25.provo.novell.com> <3835FB2B.1BE204A3@boolean.net> <384D7EDF.CA7F05AD@oblix.com>
Resent-date: Mon, 13 Dec 1999 08:57:51 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"x-zrWB.A.rxF.EWSV4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

One additional comment on 1->StartTLS->3.

A StartTLS that asserts a TLS client identity should not automatically
imply or assert an LDAP authentication identity as shown in state 3.
State 3 should be no AuthID, no AuthzID as no bind has occurred.  I
believe that any mapping of SASL client identity to the LDAP
authentication identity should be done upon SASL External bind.



----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

References:
- Re: Authz/Authc state upon start TLS
  - From: Jeff Hodges <jhodges@oblix.com>
- Re: Authz/Authc state upon start TLS
  - From: Jeff Hodges <JHodges@oblix.com>

Prev by Date: Re: Authz/Authc state upon start TLS
Next by Date: Re: Blocking unwanted senders.
Index(es):
- Chronological
- Thread