[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication Methods for LDAP - last call

To: "John C. Strassner" <johns@cisco.com>
Subject: Re: Authentication Methods for LDAP - last call
From: Mark Wahl <M.Wahl@INNOSOFT.COM>
Date: Sun, 02 Aug 1998 12:28:49 -0500
Cc: howes@netscape.com (Tim Howes), Steve Kille <S.Kille@isode.com>, ietf-ldapext@netscape.com
In-reply-to: "Your message of Sat, 01 Aug 1998 11:31:34 PDT." <3.0.2.32.19980801113134.00b40890@ntg.cisco.com>
Resent-date: Sun, 02 Aug 1998 10:33:23 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"W_kf51.0.DE1.XBAnr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

> Therefore, such implementations MUST support some secure form of 
> authentication. Two such examples are CRAM-MD5 and certificates. 

While I understand the sentiment, this statement is not strong enough
to ensure that different implementations will interoperate when vendors
pick different forms.  Therefore clauses (2) and (3) are distinct: 
(2) gives the minimum interoperability without passwords-in-the-clear 
guarantee, and (3) describes how Start TLS can be used for providing 
additional robust services with or without passwords.

Mark Wahl, Directory Product Architect
Innosoft International, Inc.

Follow-Ups:
- Re: Authentication Methods for LDAP - last call
  - From: Steve Kille <S.Kille@isode.com>

References:
- Re: Authentication Methods for LDAP - last call
  - From: "John C. Strassner" <johns@cisco.com>

Prev by Date: Re: Authentication Methods for LDAP - last call
Next by Date: Re: Authentication Methods for LDAP - last call
Index(es):
- Chronological
- Thread