IETF meeting in Paris

This week I was in Paris for the 63rd IETF meeting.

Though I mainly go to the IETF to work on LDAP (both with the LDAPBis working group and as an individual contributor -for example with the LDAP password policy- ), I often go to other working groups and BOF sessions to get a sense of what's going on in the Internet community (at least in the areas that I understand).
And this time, the buz was clearly around the recent vulnerabilities with the use of one-way hash functions such as MD5 and SHA1. With the increasing computation power of computers and the ease of deployment of man-in-the-middle attack, these functions are no longer considered as secure enough. And so are authentication mechanisms based on cleartext challenge-response exchanges. For Directory Server's customers, this means that the way to secure their authentication t0 LDAP is to use TLS either via the use of StartTLS extended operation or LDAP over SSL. Once the connection is secured, the authention could be based on the Simple bind, Sasl Bind with Digest-MD5 mechanism or with exchanged certificates.

On the LDAP front, the participation is diminishing (mainly remains Novell, OpenLDAP and Sun) but the work of revising the LDAPv3 specification for clarification and better interoperability is mainly done. The last remaining issues were hammered this week (hopefully) and we are expecting RFC publication before or around next IETF meeting.


LDAPers in IETF action: Roger, Kurt, Jim and Ludo (left to right).


Tags: LDAP IETF Directory Server
Comments:

Some links to the SHA-1 story.. http://www.computerworld.com/printthis/2005/0,4814,100554,00.html http://www.computerworld.com/securitytopics/security/story/0,10801,99852,00.html

Posted by Ezra Simeloff on August 09, 2005 at 02:27 PM CEST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

This is the blog of a senior software engineer, specialized in LDAP, Directory Server and OpenDS. Ludovic Poitou works in France at the Grenoble Engineering Center, in the Directory Services Engineering team. Outside work, I love skiing and taking photo

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today