I don't know the author's intentions, but I am aware of many operational requirements to 1) utilize LDAP servers and 2) require strong authentication utilizing deployed PKIs and their associated X.509 certificates.
This allows a more robust audit/tracking capability should the originator of any actions on that LDAP server wish to deny participation.
Given that it is an 'external' authentication mechanism and is useful to standardize, I would like to see it progress.
regards,
Sandi Miklos
-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Friday, March 16, 2001 6:39 PM
To: ietf-ldapext@netscape.com
Subject: X.509 Authentication SASL Mechanism
What's up with this I-D? IIRC, the IESG kicked it back
to the WG... are we going to fix it or drop it? If the
latter, I suggest a co-chair ask for the I-D to be manually
expired.
Kurt