
Re: Evaluation: draft-zeilenga-ldap-authzid - LDAP 'Who am I?' Operation




Russ Housley         [   ]     [   ]     [ X ]     [   ]
  Technical comments:

  Section 3 prohibits clients from invoking the "Who Am I?" operation
  while any Bind operation is in progress.  What should a server do if
  a client does so?  Right now, there is no guidance to the server
  developer.

  Section 4.1 contains a TBD.  I understand that IANA has not assigned a
  value yet, but error codes in LDAP have mnemonic names such as
  operationsError, protocolError, confidentialityRequired, and so on.
  Can the mnemonic name be provided now?

  Section 5 says that servers may place access control or other restrictions
  upon the use of the "Who Am I?" operation.  When is this desirable?

  Editorial comment:

  In section 1, 2nd paragraph, 2nd sentence.  Proposed rewording:

    Bind controls are not protected by the security layers established
    by the Bind operation which includes them.