Michael Ströder wrote:
On 3/31/22 19:15, Quanah Gibson-Mount wrote:
I think the clear text bind issue in fact shows that LDAPS is technically superior to startTLS when encryption is required. The remaining issue is there's no RFC for it. I'd like to see that addressed.
My attempt to resurrect the IETF ldapext WG failed back in 2015. :-/
Well, in fact every LDAP server I've tested supports LDAPS. So at least implementors should not have any objections.
So if you're eager to write an individual I-D, I'd be willing to review, discuss and support it. But I won't write it.
At this point it could just be an Informational RFC, describing current practice.
Ciao, Michael.