
Security Considerations in draft-weltman-ldapv3-auth-response-01.txt



I suggest noting explicitly in Security Considerations that the
control is not protected by the SASL privacy or integrity
protection negotiated by the BIND process returning this control.
A client requiring such protection must rely on independent
services, such as TLS or IPSEC, or use some operation after
negotiating SASL protection services.

Because of this consideration, I can see the need for an extended
operation to obtain authorization information post BIND.

BTW, what's the intended track of this document?  I suggest
adding a note to the draft indicating your intent.