[Date Prev][Date Next]
Re: Antwort: OpenLDAP exclusively on SSL [Virus checked]
ons, 24.03.2004 kl. 19.45 skrev Quanah Gibson-Mount:
> > What do you mean by "encryption" here? Is this (let's say SSL/TLS) data
> > encryption, over the wire, or simply that data in is encrypted? If the
> > latter, what is the expense of the latter compared to SSL/TLS? Which is
> > preferable from a data security point of view?
> > O.k., this has nothing to do with Openldap software ... etc. Take it
> > that you know the umich subscribe address, I just gave it to Thomas
> > Gagné.
> Hm, actually it has to do with how OpenLDAP operates, and how clients
> interact with OpenLDAP, so I'd say it applies to this list. ;)
I have this nervous twitch, nowadays.
> By encryption, I mean encryption over the wire. Just like Kerberos login
> sessions are encrypted over the wire, the LDAP connection between the
> client and OpenLDAP server is also encrypted. You are just using a method
> other than SSL/TLS to do the over-the-wire encryption. If you turned on
> TLS/SSL in this case, you would be encrypting over the wire twice -- A bit
> of an overkill, I think.
What is it that's doing the encryption/de-encryption, then? Is that
Kerberos (I dunno, I've never used it. Of course I could read up, but at
the moment I don't need it, might tomorrow)
> >From a security point of view, I'd say it depends on your encryption
> strengths and requirements. ;)
Maybe I should read the docs again. My demands are for SSL/TLS.
mail: billy - at - billy.demon.nl