[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Security Strength Factor



"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> writes:

> At 02:20 AM 12/18/2002, Dieter Kluenter wrote:
>>Hello,
>>what is the precise definition of SSF, I know it "indicates a relative
>>strength of protection", but protection of what and protection by
>>whom?
>
> OpenLDAP has multiple SSFs.  For each session, there is
> one for SASL, one for TLS, etc., and an overall session
> SSF (the greatest SSF of any particular layer).
[...]
> SASL/EXTERNAL, itself, provides no security layers.  There
> may be protections provided by lower layers (like TLS) and,
> if so, these are reflected in SSF associated with the particular
> layer providing the protection as well as the overall SSF.

I understand from the above that a ssf value given in slapd.conf as
access control is not necessarily referring to SASL SSF, but may as
well refer to TLS SSF or what so ever , depending on the highest value
for a given session and it could be even a sum of two ore more
layers?

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour