Re: IETF opinion change on "implicit TLS" vs. StartTLS

2018-02-16 Thread Quanah Gibson-Mount
--On Saturday, February 17, 2018 8:58 AM +1000 William Brown wrote:

> > Personally, I'm all for it.  I'd suggest using the above RFC as a template
> > for one formalizing port 636, so it's finally a documented standard.
>
> Great! Where do we go from here to get this formalised properly?


IETF ldapext is the starting point, I'd assume?  Probably worthwhile to 
bring it up on that list?


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:





Re: IETF opinion change on "implicit TLS" vs. StartTLS

2018-02-16 Thread William Brown
On Mon, 2018-02-12 at 18:10 -0800, Quanah Gibson-Mount wrote:
> --On Tuesday, February 13, 2018 9:31 AM +1000 William Brown wrote:
> 
> > On Mon, 2018-02-12 at 14:30 +0100, Michael Ströder wrote:
> > > HI!
> > > 
> > > > To me this rationale for SMTP submission with implicit TLS seems also
> > > > applicable to LDAPS vs. StartTLS:
> > > 
> > > https://tools.ietf.org/html/rfc8314#appendix-A
> > > 
> > > So LDAPS should not be considered deprecated. Rather it should be
> > > recommended and the _optional_ use of StartTLS should be strongly
> > > discouraged.
> > 
> > Yes, I strongly agree with this. I have evidence to this fact and can
> > provide it if required,
> 
> Personally, I'm all for it.  I'd suggest using the above RFC as a template
> for one formalizing port 636, so it's finally a documented standard.

Great! Where do we go from here to get this formalised properly? 

> 
> --Quanah
> 
> --
> 
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> 
> 
-- 
Sincerely,

William Brown
Software Engineer
Red Hat, Australia/Brisbane