
Re: Last Call: Discovering LDAP Services with DNS to Proposed Standard



>    When using LDAP with TLS the client must check the server's name,
>    as described in section 3.6 of [RFC 2830].  As specified there, the
>    name the client checks for is the server's name before any
>    potentially insecure transformations, including the SRV record
>    lookup specified in this memo.  Thus the name the client must check
>    for is the name obtained by doing the mapping step defined in
>    section 2 above.
> 
> which I think precisely addresses your concern.

looks good.  thanks.

Keith
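
The rule quoted in this message, shown as an added example that is not part of the original thread or of the draft: the SRV answer decides only where the client connects, while the certificate is checked against the name held before the lookup. The domain `example.net`, the host names, the certificate name lists and the `srv_lookup` resolver callable are all constructed or hypothetical.

```python
# Added example; every name, DNS answer and certificate list is constructed.

def dns_name_matches(pattern, name):
    """Case-insensitive dNSName comparison; '*' may replace only the
    left-most label, so '*.example.net' does not match 'example.net'."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n) or "" in p:
        return False
    if p[0] == "*":
        p, n = p[1:], n[1:]
    return p == n

def cert_matches(cert_dns_names, reference):
    """True if any dNSName in the server certificate matches the reference."""
    return any(dns_name_matches(c, reference) for c in cert_dns_names)

def plan_connection(mapped_domain, srv_lookup):
    """srv_lookup is a hypothetical resolver: owner name -> (target, port).
    Its answer arrives over unauthenticated DNS, so it decides only where
    to connect; the name to verify stays the pre-lookup domain."""
    target, port = srv_lookup("_ldap._tcp." + mapped_domain)
    return {"connect_to": (target, port), "verify_name": mapped_domain}

def evaluate(mapped_domain, srv_lookup, cert_dns_names):
    """Return (verdict under the quoted rule,
               verdict if the client checked the SRV target instead)."""
    plan = plan_connection(mapped_domain, srv_lookup)
    by_rule = cert_matches(cert_dns_names, plan["verify_name"])
    by_srv_target = cert_matches(cert_dns_names, plan["connect_to"][0])
    return by_rule, by_srv_target

# Constructed DNS answers: one genuine, one altered in transit.
GENUINE = lambda owner: ("ldap1.example.net", 389)
FORGED = lambda owner: ("ldap.attacker.test", 389)

if __name__ == "__main__":
    cases = [
        ("genuine SRV, cert names the domain", GENUINE,
         ["example.net", "ldap1.example.net"]),
        ("forged SRV, cert valid for forged host", FORGED,
         ["ldap.attacker.test"]),
        ("genuine SRV, cert names only the host", GENUINE,
         ["ldap1.example.net"]),
    ]
    for label, lookup, names in cases:
        print(label, evaluate("example.net", lookup, names))
```

The third case shows the deployment consequence: a server reached through SRV needs a certificate that carries the pre-lookup domain name, not only its own host name. With Python's `ssl` module the same split is made by connecting the socket to `connect_to` and passing `verify_name` as `server_hostname` to `SSLContext.wrap_socket`.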