[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple auth and TLS (Was: authmeth review notes [long])

At 10:25 AM 3/9/2004, Hallvard B Furuseth wrote:
>Michael Ströder writes:
>>Kurt D. Zeilenga wrote:
>>>  LDAP implementations SHOULD support the simple DN/password mechanism
>>>  of the simple Bind method (as detailed in Section X).
>>>  Implementations
>>>  which support this mechanism MUST be capable of protecting it by
>>>  establishment (as discussed in Section 3) of TLS. 
>Still wrong.  Together, these changes require implementations that do
>not support TLS, to implement a security hole.

Which security hole you refer to here?