[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Last Call: Discovering LDAP Services with DNS to Proposed Standard
> When using LDAP with TLS the client must check the server's name,
> as described in section 3.6 of [RFC 2830]. As specified there, the
> name the client checks for is the server's name before any
> potentially insecure transformations, including the SRV record
> lookup specified in this memo. Thus the name the client must check
> for is the name obtained by doing the mapping step defined in
> section 2 above.
>
> which I think precisely addresses your concern.
looks good. thanks.
Keith