[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: comments on draft-zeilenga-ldap-authpassword-04.txt

To: hahnt@us.ibm.com
Subject: Re: comments on draft-zeilenga-ldap-authpassword-04.txt
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 25 Jan 2001 13:35:18 -0800
Cc: ietf-ldapext@netscape.com
In-reply-to: <OFFCC8729E.A8FC2634-ON852569DF.006A736F@pok.ibm.com>

At 02:24 PM 1/25/01 -0500, Timothy Hahn wrote:
>Section 4.1, ABNF for authPasswordSyntax 

seems reasonable.

>Section 4.4 
>It would be nice to have a description for the attribute type. 

seems reasonable.

>Also, in paragraph 3, explaining why no built-in matching rule is defined for the attribute type.

I can add one which has an assertion syntax of authPasswordSyntax.

>With this said, what is the intent then of defining the "authPasswordMatch" matching rule?

To allow a client to assert that a password, not an authPasswordSyntax
value, matches.

>Requiring the use of extensible match in order to use the matching rule seems harder than is necessary.

The authPasswordMatch as the EQUALITY matching rule would only
allow one scheme per password.

>Why is it desireable to dis-allow modification of individual values (assuming that the underlying transport service guarantees confidentiality). 

I'll remove this restriction and add an appropriate equality matching
rule.

References:
- comments on draft-zeilenga-ldap-authpassword-04.txt
  - From: "Timothy Hahn" <hahnt@us.ibm.com>

Prev by Date: comments on draft-zeilenga-ldap-authpassword-04.txt
Next by Date: Re: comments on draft-zeilenga-ldap-authpassword-04.txt
Index(es):
- Chronological
- Thread