
Protocol: Graceful TLS Closure and outstanding operations



[Protocol] 4.13.3.1 says that the server may initiate graceful TLS
closure, which leaves the LDAP session intact.  I think outstanding
operations MUST then be abandoned, and responses to operations that
could not be abandoned MUST NOT be sent after the TLS closure.  The
responses might contain sensitive information.

Which is another reason why client-initiated TLS closure should do the
same, for symmetry :-)  BTW, the previous discussion about TLS
closure stopped without resolution, see
   http://www.openldap.org/lists/ietf-ldapbis/200212/msg00007.html

-- 
Hallvard
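
The rule proposed in this message, as a small server-side model. This is an added example, not part of the original post and not taken from any LDAP implementation; the names Session, Operation, close_tls, complete and the epoch counter are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Operation:
    msg_id: int
    abandonable: bool   # False: too far along to be abandoned
    epoch: int          # security-layer epoch the request arrived under

@dataclass
class Session:
    tls_active: bool = True
    epoch: int = 0      # bumped on every security-layer change
    outstanding: dict = field(default_factory=dict)
    sent: list = field(default_factory=list)  # (msg_id, sent_under_tls)

    def request(self, msg_id, abandonable=True):
        self.outstanding[msg_id] = Operation(msg_id, abandonable, self.epoch)

    def close_tls(self):
        """Graceful TLS closure; the LDAP session continues without TLS."""
        # Abandon everything that can still be abandoned.
        self.outstanding = {i: op for i, op in self.outstanding.items()
                            if not op.abandonable}
        self.tls_active = False
        self.epoch += 1

    def complete(self, msg_id):
        """Called when an operation finishes; decides whether a response goes out."""
        op = self.outstanding.pop(msg_id, None)
        if op is None:
            return "abandoned"   # no longer tracked, nothing to send
        if op.epoch != self.epoch:
            # Request arrived under TLS and the layer is gone: never send.
            return "suppressed"
        self.sent.append((msg_id, self.tls_active))
        return "sent"

def run_scenario():
    """Constructed sequence: three requests under TLS, closure, one after."""
    s = Session()
    s.request(1)
    s.request(2, abandonable=False)
    s.request(3)
    results = [s.complete(3)]          # finishes before closure
    s.close_tls()
    results += [s.complete(1), s.complete(2)]
    s.request(4)                       # new request on the cleartext session
    results.append(s.complete(4))
    return results, s.sent
```

Tagging each operation with the security-layer epoch it arrived under is what keeps a response to a TLS-protected request from going out in cleartext, even when the operation itself could not be stopped.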