[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Security Considerations in draft-weltman-ldapv3-auth-response-01.txt
I suggest noting explicitly in Security Considerations that the
control is not protected by the SASL privacy or integrity
protection negotiated by the BIND process returning this control.
A client requiring such protection must rely on independent
services, such as TLS or IPSEC, or use some operation after
negotiating SASL protection services.
Because of this consideration, I can see the need for an extended
operation to obtain authorization information post BIND.
BTW, what's the intended track of this document? I suggest
adding a note to the draft indicating your intent.