LDAPv3 Security Parameters
draft-hassler-ldapv3-secparam-00

Document Type: Expired Internet-Draft (individual)
Last updated: 1998-03-05
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-hassler-ldapv3-secparam-00.txt

Abstract

Two security services that are required in many applications but have not yet been addressed by LDAPv3 [ldapv3] in a satisfactory manner are integrity and non-repudiation. According to the latest LDAPv3 security draft [ldapv3-auth], integrity can be achieved only within a secure association. Non-repudiation, by which we mean digital signing of operations, is mentioned in [ldapv3] as an example of the use of the LDAPv3 extended operation mechanism. A disadvantage of this approach is that it would be necessary to define a new Extended Request/Response pair for each basic operation that should be signed. This document defines an LDAP control called LDAPSecurityParameters for transferring security parameters with LDAP operations. With this control it is possible to append a digital signature to LDAP operations and in this way provide message authenticity, message integrity, non-repudiation of message origin, and message freshness.

Authors

Vesna Hassler (hassler@infosys.tuwien.ac.at)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)