[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authz/Authc state upon start TLS

To: JHodges@oblix.com
Subject: Re: Authz/Authc state upon start TLS
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Sat, 01 Jan 2000 12:53:19 -0800
Cc: IETF LDAP Extensions WG <ietf-ldapext@netscape.com>
In-reply-to: <386E4C03.62BD056A@oblix.com>
References: <s833d54e.096@prv-mail25.provo.novell.com> <3835FB2B.1BE204A3@boolean.net> <384D7EDF.CA7F05AD@oblix.com> <3.0.5.32.19991213082008.00941850@localhost>
Resent-date: Sat, 01 Jan 2000 12:53:29 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"c-Bng.A.RYB.Almb4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

At 10:48 AM 1/1/00 -0800, Jeff Hodges wrote:
>> Third, per RFC2251, bind failures should cause connection to be
>> treated as "anonymous"
>I disagree. Perhaps you didn't read the explanation & rationale about this in my msg in
>this thread dated "Tue, 07 Dec 1999 13:40:47 -0800"?

I did read it and just reread it.  I still don't see an overriding
reason for treating bind failures when TLS is established any differently
than any other bind failure.  Maybe you can elaborate on:
	"ldapv3-tls-05 is more correct from thinking about how security works"

I believe SASL/EXTERNAL should be just like any other SASL mechanism.
The SASL bind either passes or it fails, and if it fails the LDAP connection
should be treated as "anonymous".  I do believe it unwise to special
case any bind failure in this regard.

My rational is that the security specifications need to be simple such
as to reduce the likelyhood that they are flawed or that their implementations
(or deployments of implementations) are flawed.

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

References:
- Re: Authz/Authc state upon start TLS
  - From: Jeff Hodges <JHodges@oblix.com>

Prev by Date: Re: Authz/Authc state upon start TLS
Next by Date: FYI LDIF now in IETF-wide last call
Index(es):
- Chronological
- Thread