Re: LDAP URL Format

From: Paul Hoffman <ietf-lists@proper.com>
Date: Mon, 8 May 1995 13:24:22 -0700
Message-Id: <v02120c0cabd42cfc3197@[]>
To: "Tim Howes" <tim@umich.edu>
Cc: uri@bunyip.com

>> >5.  Security Considerations
>> >
>> >Security considerations are not discussed in this document.
>> Should they be? Are there any additional security problems of forcing any
>> LDAP server to resolve URLs that aren't for that host? If not, you might
>> just point to the X.500 RFC that has the most complete security section.
>I don't see any problems with that, but I do think it could use some
>words about the fact that we assume no authentication (i.e., there's
>no way to pass credentials).

Sounds good. Maybe something along the lines of "The security implications
of resolving an LDAP URL are the same as those of resolving any LDAP query.
See the security section of RFC XXXXX for a description of the security
implications of responding to an LDAP query." I think the authentication
issue should be part of the other RFC or a new RFC on LDAP security, not
this one unless authentication is different for URLs than it is for straight

--Paul Hoffman
--Proper Publishing
