[Date Prev][Date Next]
Re: Preliminary TLS/SSL success
John Kristian wrote:
> I implemented this, in Netscape Directory Server. Some design choices
> weren't obvious (to me). I'd be happy to tell you what the Netscape software
> does, and why. I've posted some information already; copies are archived at
Thank you for reminding me of this, I am right now working on the part
the client presents a certificate and was wondering what to do about it.
For TLS over SASL, there is a clear guide on what is supposed to
for the direct LDAP->TLS->TCP thing I was not sure.
I find the above link particularly interesting. It makes sense and I
was thinking about essentially the same, only was worried about giving
the client certificate verification a meaning that was not warranted.
My purist side warns me that this is not something blessed as a
but this LDAP over raw TLS is not standard either and the reason to
implement it is purely interoperability with existing implementations.
So existing implementations *are* the definition.
BTW, let me thank you for the pointers you gave about matching rules,
were very illuminating in general and, especially, the index management