Re: new internet draft - LDAP Extensions Style Guide

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 11:23 AM 8/16/00 -0700, Bruce Greenblatt wrote:
>At 07:43 AM 8/16/2000 -0700, Kurt D. Zeilenga wrote:
>
>>But please note that control upon on bind operation are
>>not protected by the privacy and integrity negotiated by
>>the bind operation itself.  This must be taken into
>>consideration.
>
>This is a good point.  I will add this to the Style Guide.  If controls are passed on the Bind that need privacy and/or integrity protection, a TLS session SHOULD be negotiated prior to the Bind.

I suggest:
  Control information provided during a Bind or StartTLS
  operations are not protected by security services (e.g.
  privacy and/or integrity protection) negotiated by that
  operation.  If such services are desired (or required),
  they must be established prior to operation.