- From: Paul Hoffman <ietf-lists@proper.com>
- Date: Mon, 8 May 1995 13:24:22 -0700
- To: "Tim Howes" <tim@umich.edu>
- Cc: uri@bunyip.com

>> >5. Security Considerations
>> >
>> >Security considerations are not discussed in this document.
>>
>> Should they be? Are there any additional security problems of forcing any
>> LDAP server to resolve URLs that aren't for that host? If not, you might
>> just point to the X.500 RFC that has the most complete security section.
>
>I don't see any problems with that, but I do think it could use some
>words about the fact that we assume no authentication (i.e., there's
>no way to pass credentials).

Sounds good. Maybe something along the lines of "The security implications of resolving an LDAP URL are the same as those of resolving any LDAP query. See the security section of RFC XXXXX for a description of the security implications of responding to an LDAP query."

I think the authentication issue should be part of the other RFC or a new RFC on LDAP security, not this one unless authentication is different for URLs than it is for straight queries.

--Paul Hoffman
--Proper Publishing

Received on Monday, 8 May 1995 16:23:47 UTC