Re: Authz/Authc state upon start TLS



First, a general comment.  This diagram scares the hell out of me.
I am quite concerned that we've added an unmanageable amount of
complexity to the authentication process.  I cannot even imagine
what effect introduction of IPSEC will have on this complexity.  I
believe we need ways of simplifying the authentication process to
ensure it can be and will be correctly implemented.

Second, per AuthMeth:
	2->8 is inappropriate as 2 has no TLS identity, 2->5?


Third, per RFC2251, bind failures should cause connection to be
treated as "anonymous"
	4-EXTERNAL should return to 1
	5-EXTERNAL should return to 2
	7-NO should return to 3
	11-NO should return to 3


----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>