
supportedSASLMechanisms extra check



During the meeting I raised an issue regarding the use of supportedSASLMechanisms.
As far as I understand, the client should, upon establishing a SASL layer, go back
to check that a "stronger" layer was not available, which might indicate that a
man in the middle had deleted items from the list of supported mechanisms. However,
if the client has already negotiated a layer which protects against man-in-the-middle
attacks, it is not clear that this extra check is needed. I would suggest that the
wording be changed to reflect this somehow.

	Cheers Leif
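
Added example, not part of the original message: a sketch of the re-check described above, comparing the supportedSASLMechanisms values read before the SASL layer with those re-read after it. The function name, the sample lists and the strength ranking are assumptions made for illustration; a real client would take the ranking from its own policy.

```python
# Assumed ranking, for illustration only; higher means "stronger" to this client.
ASSUMED_STRENGTH = {"ANONYMOUS": 0, "PLAIN": 1, "CRAM-MD5": 2,
                    "DIGEST-MD5": 3, "GSSAPI": 4}


def normalize(mechs):
    """Upper-case and de-duplicate mechanism names, dropping empty values."""
    return {m.strip().upper() for m in mechs if m.strip()}


def recheck_mechanisms(before, after, negotiated, strength=ASSUMED_STRENGTH):
    """Compare the list seen before the SASL layer with the list re-read over it.

    before     -- supportedSASLMechanisms values read in the clear
    after      -- the same attribute re-read once the layer is in place
    negotiated -- the mechanism the client actually used
    """
    pre, post = normalize(before), normalize(after)
    chosen = negotiated.strip().upper()

    # Mechanisms the server advertises over the protected layer that were
    # missing from the unprotected answer: candidates for in-transit deletion.
    stripped = post - pre

    chosen_rank = strength.get(chosen, -1)
    stronger = sorted(m for m in stripped
                      if m in strength and strength[m] > chosen_rank)
    # Mechanisms the policy cannot rank are reported separately, not guessed at.
    unranked = sorted(m for m in stripped if m not in strength)

    return {
        "stripped": sorted(stripped),
        "stronger_stripped": stronger,
        "unranked_stripped": unranked,
        "downgrade_suspected": bool(stronger),
    }


if __name__ == "__main__":
    # Constructed sample: GSSAPI only appears once the layer is established.
    result = recheck_mechanisms(["DIGEST-MD5"],
                                ["DIGEST-MD5", "GSSAPI"],
                                "DIGEST-MD5")
    print(result)
```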