Re: Extension: WG Last Call: draft-ietf-ldapbis-authmeth-15.txt: msg#00013 ietf.ldapbis

Section 3.1.4 Discovery of Resultant Security Level

This refers to 3.2.3 which does not exist. I can't tell what it was intended to reference.

Also there are many references to [Protocol] section 4.13.x.x which probably should now be 4.14.xx.

Section 3.1.5 Server Identity Check

This section talks about how a client must verify a server's name against the identity presented in the server's certificate. This clause -

    The "*" wildcard character is allowed in the server name provided by the user. If present, it matches only the left-most label from the subjectAltName.

makes no sense to me. That implies that I can issue an ldap request to e.g. ldap://*.example.com, which at a glance means to perform a DNS zone transfer against example.com and then issue an LDAP query against every DNS host record that's returned. I don't see how it makes any sense for a user to provide wildcarded server names to a client.

In RFC2830 it was clear that wildcard characters could be present in the certificate, and that usage makes sense. Why is the use of wildcards reversed here? This invalidates many already-deployed RFC2830-conforming server certificates, if nothing else.

Section 3.3 2nd bullet

"confidentially" should be "confidentiality"

Kurt D. Zeilenga wrote:
> The WGLC will now close on Tuesday, 27 September 2005.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
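
The RFC 2830 behaviour that the message contrasts with the draft clause, as an added example that is not part of the original message or of the draft: the wildcard is honoured only in the certificate's dNSName, only as the whole left-most label, and a wildcard in the user-supplied server name is rejected. The function names, the rejection of partial wildcards, and the sample names are assumptions made for illustration.

```python
"""Added example: RFC 2830-style server identity check (wildcard in the certificate)."""


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def match_dns_name(requested: str, cert_name: str) -> bool:
    """Return True if one certificate dNSName matches the name the client asked for.

    requested: host name the user gave the client (must be a concrete name).
    cert_name: one dNSName value from the server certificate's subjectAltName.
    """
    if "*" in requested:
        # A wildcard in the user-supplied name is not a host the client can
        # connect to, so it is rejected instead of being pattern-matched.
        raise ValueError("wildcard not allowed in requested server name")

    want, have = _labels(requested), _labels(cert_name)
    if "" in want or "" in have:
        return False  # empty label: malformed name
    if len(want) != len(have):
        # "*" stands for exactly one label, so *.example.com does not match
        # example.com or a.b.example.com.
        return False
    if "*" in "".join(have[1:]):
        return False  # wildcard anywhere but the left-most label
    if have[0] != "*" and "*" in have[0]:
        return False  # assumption of this example: partial wildcards are refused
    left_ok = have[0] == "*" or have[0] == want[0]
    return left_ok and want[1:] == have[1:]


def server_identity_ok(requested: str, cert_dns_names: list[str]) -> bool:
    """Accept the server if any dNSName in its certificate matches."""
    return any(match_dns_name(requested, n) for n in cert_dns_names)


# Constructed sample data, not taken from any real certificate.
SAMPLE_SAN = ["*.example.com", "directory.example.net"]

if __name__ == "__main__":
    for host in ("ldap.example.com", "example.com", "a.b.example.com",
                 "DIRECTORY.example.net", "ldap.example.org"):
        print(host, server_identity_ok(host, SAMPLE_SAN))
```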