Re: Applicability (Was: authmeth review notes [long])

I wrote:
> Kurt D. Zeilenga writes:
>>> BTW, I can't find any requirement that TLS be supported.
>> It's not.
> (...)
>> DIGEST-MD5 is LDAP's strong authentication mechanism
>> (which provides adequate data security services).  There is no
>> interop or security reason to mandate or recommend more (except
>> in limited cases, such as when Simple is to be used).
> While I like that TLS is optional, I don't buy this as an argument for
> it.  DIGEST-MD5...

... is also vulnerable to active intermediary attacks ([Authmeth]
section 10).