
Re: Is there anything in LDAP that works similar to HTTP's virtual hosting.



Hey,

> The majority of deployments do not have DNSSEC in place.

Chicken-and-egg reasoning is deadly for advancing the Internet.  However,
the situation is not as grim as you say:

Servers increasingly run under DNSSEC-supportive domains.

Clients can easily incorporate DNSSEC-aware resolver libraries such as
libunbound or libgetdns.

> So some name checks for TLS certs
> are strictly required for preventing MITM attacks.

That has merits all on its own, agreed.  Anyone working on it yet? 
Until then, I fear DANE is all we've got.

> IMO DNSSEC/DANE is not of much use for LDAP with TLS.

We disagree on that, but there is no reason to make an either/or choice
between the approaches.

-Rick