
Re: TODO List - Volunteers welcomed



At 10:42 PM 5/26/00 +0200, Bastiaan Bakker wrote:
>> Add IPv6 and IPSEC support
>
>Could you please explain briefly what you mean with IPSEC support?

IPSec can be used in two modes, transport and tunnel.  In tunnel
mode, the client and server have no knowledge that IPSEC is
present.  This is often used to create VPNs and such.

However, in transport mode, IPSEC sits on top of IP and may be
used to secure higher level protocols such as UDP and TCP, and,
hence, LDAP.  An LDAP implementation which is IPSEC aware
can make better use of the services offered by IPSEC.  In
particular, IPSEC information can be used for authentication,
authorization, and access control.  I suspect that most IPSEC
implementations do not yet expose APIs which would allow these
interactions (yet).

Specifically, I was thinking someone could implement IPSEC
aware SASL/EXTERNAL (as mentioned in RFC 2222).  Also hooking
it into ACLs (we'd like to make access choices based, in part,
upon lower level integrity/privacy protections).

Kurt