btb wrote:
> On 2013.10.03 12.13, Michael Ströder wrote:
>> "Although there is no technical specification for ldaps:// it is widely used."
>
> sorry, i'm not sure what you're getting at. i've already clearly stated
> exactly that, as is clearly seen below.

The point is that everybody should also configure ldaps:// to provide the service for a wide range of implementations which are not capable of doing StartTLS ext.op. And therefore it's pure nonsense to babble about LDAPS being deprecated and people should not configure it.

> you're welcome to find ldaps more secure than starttls. plenty of others don't.

So I'm very curious whether you have a single argument why not.

Again: With StartTLS ext.op. it's more likely that a misconfigured client sends a clear-text password in a clear-text LDAP PDU and thinks everything works.

Ciao, Michael.