[Date Prev][Date Next] [Chronological] [Thread] [Top]

Simple auth and TLS (Was: authmeth review notes [long])

To: Michael Ströder <michael@stroeder.com>
Subject: Simple auth and TLS (Was: authmeth review notes [long])
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 9 Mar 2004 19:25:03 +0100
Cc: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, ietf-ldapbis@OpenLDAP.org
In-reply-to: <40436D07.2090008@stroeder.com>
References: <6.0.1.1.0.20040227070642.04cd3330@127.0.0.1> <40436D07.2090008@stroeder.com>

Michael Ströder writes:
>Kurt D. Zeilenga wrote:
>> 
>>  LDAP implementations SHOULD support the simple DN/password mechanism
>>  of the simple Bind method (as detailed in Section X).
> 
> s/SHOULD/MUST/
> 
>>  Implementations
>>  which support this mechanism MUST be capable of protecting it by
>>  establishment (as discussed in Section 3) of TLS. 
> 
> s/MUST/SHOULD/

Still wrong.  Together, these changes require implementations that do
not support TLS, to implement a security hole.

-- 
Hallvard

Follow-Ups:
- Re: Simple auth and TLS (Was: authmeth review notes [long])
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: Simple auth and TLS (Was: authmeth review notes [long])
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: authmeth review notes [long]
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: authmeth review notes [long]
Next by Date: Re: Simple auth and TLS (Was: authmeth review notes [long])
Index(es):
- Chronological
- Thread