[Date Prev][Date Next] [Chronological] [Thread] [Top]

security considerations (Was: WG last call on the Java API)

To: ietf-ldapext@netscape.com
Subject: security considerations (Was: WG last call on the Java API)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 13 Mar 2001 16:14:10 -0800
In-reply-to: <01030912460908.00728@t20>

I reiterate my request that a detailed security analysis should
be undertaken before the document is progressed to the IESG.  One
of the areas which concern me is the management of authentication
secrets by the API.  Also, a discussion of considerations
implementing API SASL and TLS features should be detailed.  In
particular, the handling of TLS alerts seems an area needing
some discussion.  There were security trade-off taken (in
referral chasing) which should be discussed in the I-D.  

Kurt

References:
- WG last call on the Java API
  - From: Roland Hedberg <roland@catalogix.se>

Prev by Date: imperatives (Was: WG last call on the Java API)
Next by Date: Make unlimited long distance for a fixed monthly fee
Index(es):
- Chronological
- Thread