With the fairly extensive reworking of the effect of Start TLS and TLS closure on the LDAP association state, I'm wondering how WG members view the need for these security considerations proposed by Hallvard. Your comments are greatly appreciated.
Roger
>>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 10/14/2003 8:11:28 AM >>>
> 10. Security Considerations

I think you should say that if the connection is already bound when startTLS is performed, servers SHOULD reject operations that follow StartTLS other than bind, unbind and abandon (with strongAuthRequired?). bind before startTLS is an insecure combination, and that an attacker also may insert a bind before a startTLS when the client expects to do anonymous operations with TLS.

Or SHOULD the server reject these operations even if the connection is anonymous? The attacker could have inserted an anonymous bind, though that doesn't seem like much of a problem.
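Added example, not part of either message and not taken from any LDAP server: a toy model of the server-side rule proposed in the quoted text, showing which operations are refused after StartTLS. The `Connection` class, the `reject_anonymous_too` switch (the stricter variant raised as a question) and the sample DN are assumptions made for illustration.

```python
SUCCESS = 0
STRONG_AUTH_REQUIRED = 8               # LDAP result code strongAuthRequired
NO_RESPONSE = {"unbind", "abandon"}    # these LDAP operations carry no response


class Connection:
    """Hypothetical model tracking only the state the proposed rule needs."""

    def __init__(self, reject_anonymous_too=False):
        self.tls = False
        self.identity = None           # None means anonymous
        self.needs_rebind = False
        self.reject_anonymous_too = reject_anonymous_too

    def handle(self, op, identity=None):
        if op == "startTLS":
            self.tls = True
            # A bind seen before this point crossed the wire unprotected, so
            # the client may not know which identity the connection carries.
            self.needs_rebind = (self.identity is not None
                                 or self.reject_anonymous_too)
            return SUCCESS
        if op == "bind":
            self.identity = identity
            if self.tls:
                self.needs_rebind = False   # identity re-established under TLS
            return SUCCESS
        if op in NO_RESPONSE:
            return None                     # always permitted, nothing to send
        if self.needs_rebind:
            return STRONG_AUTH_REQUIRED     # everything else waits for a bind
        return SUCCESS


def replay(conn, ops):
    """Feed (operation, identity) pairs to conn and collect the result codes."""
    return [conn.handle(op, ident) for op, ident in ops]


if __name__ == "__main__":
    dn = "cn=constructed-user,dc=example,dc=com"   # constructed sample value
    ops = [("bind", dn), ("startTLS", None), ("search", None),
           ("bind", dn), ("search", None)]
    print(replay(Connection(), ops))               # the first search is refused
```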