Re: Applicability (Was: authmeth review notes [long])
I wrote:
> Kurt D. Zeilenga writes:
>
>>> BTW, I can't find any requirement that TLS be supported.
>>
>> It's not.
> (...)
>> DIGEST-MD5 is LDAP's strong authentication mechanism
>> (which provides adequate data security services). There is no
>> interop or security reason to mandate or recommend more (except
>> in limited cases, such as when Simple is to be used).
>
> While I like that TLS is optional, I don't buy this as an argument for
> it. DIGEST-MD5...
... is also vulnerable to active intermediary attacks ([Authmeth]
section 10).
--
Hallvard