Re: IETF ldapbis WG Last Call: draft-ietf-ldapbis-user-schema-05.txt



Kurt D. Zeilenga writes:
>>"Add: Use of integrity protection is encouraged to prevent session hijacking."
>>
>>Which session is meant here?
> 
> The LDAP session.
> 
> If one uses a mechanism such as DIGEST-MD5 without
> negotiating integrity protection to authenticate,
> a man-in-middle can hijack the session after
> authentication completes. 

What has that to do with schema?  Sounds like a protocol or authmeth
issue to me.

I'd also like to see this paragraph removed:

   It is required that strong authentication be performed in order to 
   modify directory entries using LDAP.

for the same reason.  I've mentioned that before, IIRC the answer was
that yes, it's covered elsewhere - but not as a requirement.  I can't
find the thread now, though.

-- 
Hallvard