[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Simple auth and TLS (Was: authmeth review notes [long])
At 12:48 AM 3/10/2004, RL 'Bob' Morgan wrote:
>The choice of using IPsec, etc, as you suggest, is a deployment-time
>choice, and our documents generally say nothing about what deployers can
>or should do. But the requirement, for which MUST is I think entirely
>appropriate, for *implementations* of LDAPv3 is that they must *be
>capable* of using TLS, if they do password authentication.
In a previous note in response to Hallvard, I had noted that it
likely was fine to add ""or other suitable means (e.g., IPSec)".
However, I now have to retract this. I agree with you that
we need to place a requirement upon the implementation to
provide adequate protection and the only suitable protective
service to mandate here is TLS.
Kurt