[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS ssfs confusion

To: Dick Davies <rasputnik@hellooperator.net>
Subject: Re: TLS ssfs confusion
From: Rich Graves <rcgraves@brandeis.edu>
Date: Wed, 25 Aug 2004 11:29:31 -0400 (EDT)
Cc: OpenLDAP <openldap-software@OpenLDAP.org>
In-reply-to: <20040825151202.GC18624@lb.tenfour>

On Wed, 25 Aug 2004, Dick Davies wrote:

> And what's the difference between 'transport security strength factor'
> for updates, and 'tls security strength factor' for updates'?

Transport layer encryption versus cryptographic authentication.

128-bit SSL encrypts the whole deal. But within that encrypted envelope, 
a simple bind or PLAIN bind sends the password in plaintext, which gets 
ssf=0.

You get ssf > 0 for things like kerberos, cram-md5, and client SSL certs 
that protect credentials separately from the transport layer.

See the cyrus-sasl documentation for more.
-- 
Rich Graves <rcgraves@brandeis.edu>
UNet Systems Administrator

References:
- TLS ssfs confusion
  - From: Dick Davies <rasputnik@hellooperator.net>

Prev by Date: TLS ssfs confusion
Next by Date: Re: Overlays?
Index(es):
- Chronological
- Thread