
Authz/Authc state upon start TLS
I am wondering what the rationale of 7.1.1 is:
	"Upon establishment of the TLS connection into the LDAP
	association, any previous established authentication and
	authorization identities MUST remain in force, including
	anonymous state."

I would have thought it more appropriate to require:
	"Upon establishment of the TLS connection into the LDAP
	association, any previously established non-anonymous
	authentication and authorization identities MUST NOT
	remain in force.  The LDAP association must move to an
	anonymous authentication and authorization state upon
	successful completion of the Start TLS operation."

I should also note that the above MUST does not limit the server's
ability to affect authorization otherwise (per RFC2251):
	Authorization MAY be affected by factors outside of the
	LDAP Bind request, such as lower layer security services.

To eliminate any potential conflict between RFC2251 and the TLS
draft, the above MUSTs likely should be SHOULDs.

In addition, I am wondering what the rationale of 7.1.2.1 is.
	"Any authentication identity and authorization
	identity, as well as TLS connection, which were
	in effect prior to making the [FAILED] bind request,
	MUST remain in force."

RFC2251 states:
	"... if the bind fails, the connection will be treated
	as anonymous."

It seems odd to me that the TLS connection state would change
the semantics of the bind operation.  It seems that this may
confuse implementors.
----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>
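The state question raised in this post, as an added toy model that is not part of the message or of the draft: a minimal LDAP association whose authentication/authorization identities are tracked across a Bind, a Start TLS, and a subsequent failed Bind, under both readings compared above. The policy labels ("draft-7.1.1", "proposed", "rfc2251", "draft-7.1.2.1"), the sample directory and the credentials are constructed here; identities are plain strings and `None` stands for the anonymous state.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional

@dataclass(frozen=True)
class Association:
    tls: bool = False               # has a TLS layer been established?
    authn_id: Optional[str] = None  # None == anonymous
    authz_id: Optional[str] = None

    @property
    def anonymous(self) -> bool:
        return self.authn_id is None and self.authz_id is None

def start_tls(assoc: Association, policy: str) -> Association:
    """"draft-7.1.1": identities MUST remain in force (anonymous stays anonymous).
    "proposed": non-anonymous identities MUST NOT remain; association becomes anonymous."""
    if policy == "draft-7.1.1":
        return replace(assoc, tls=True)
    if policy == "proposed":
        return Association(tls=True)
    raise ValueError(f"unknown Start TLS policy {policy!r}")

def bind(assoc: Association, dn: str, password: str,
         directory: Dict[str, str], failure_policy: str) -> Association:
    """A successful simple bind installs dn as both identities.  On failure,
    "rfc2251": the connection is treated as anonymous (TLS layer untouched);
    "draft-7.1.2.1": prior identities and the TLS connection remain in force."""
    if directory.get(dn) == password:
        return replace(assoc, authn_id=dn, authz_id=dn)
    if failure_policy == "rfc2251":
        return replace(assoc, authn_id=None, authz_id=None)
    if failure_policy == "draft-7.1.2.1":
        return assoc
    raise ValueError(f"unknown bind failure policy {failure_policy!r}")

def trace(start_tls_policy: str, failure_policy: str) -> Dict[str, Optional[str]]:
    """Bind as alice in the clear, Start TLS, then send a bad bind; report the
    authorization identity the server holds for the client after each step."""
    directory = {"cn=alice": "correct-horse"}  # constructed sample directory
    s0 = bind(Association(), "cn=alice", "correct-horse", directory, failure_policy)
    s1 = start_tls(s0, start_tls_policy)
    s2 = bind(s1, "cn=alice", "wrong-password", directory, failure_policy)
    return {"after_bind": s0.authz_id, "after_start_tls": s1.authz_id,
            "after_failed_bind": s2.authz_id}

if __name__ == "__main__":
    for stp in ("draft-7.1.1", "proposed"):
        for fp in ("rfc2251", "draft-7.1.2.1"):
            print(stp, fp, trace(stp, fp))
```

Running it shows the divergence the post points at: under the draft's two MUSTs the client stays "cn=alice" through Start TLS and even through a failed bind, whereas under RFC2251 semantics (or the proposed Start TLS wording) the association drops back to anonymous.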