[Date Prev][Date Next]
Re: (ITS#5195) ssf not available during sasl bind
> --On Monday, October 29, 2007 8:13 PM +0000 firstname.lastname@example.org wrote:
>> You really need to read more carefully. If you only care about the
>> overall SSF, regardless of whether it's from TLS or SASL, then just use
>> the "ssf" factor. --
> Nice, in theory, but I think my example was bad. So let's rehash.
> When I was at Stanford, the SASL SSF max was 56, because of the DES keys.
> The TLS SSF was 128. So how would I indicate that I want EITHER a SASL SSF
> of 56 or a TLS SSF of 128 using the security directive?
You don't. That would open you up to a downgrade attack.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/