An LDAP Control and Schema for Holding Operation Signatures
RFC 2649
|
| Document |
Type |
|
RFC - Experimental
(August 1999; No errata)
|
|
Last updated |
|
2013-03-02
|
|
Stream |
|
IETF
|
|
Formats |
|
plain text
pdf
htmlized
bibtex
|
| Stream |
WG state
|
|
WG Document
|
|
Document shepherd |
|
No shepherd assigned
|
| IESG |
IESG state |
|
RFC 2649 (Experimental)
|
|
Consensus Boilerplate |
|
Unknown
|
|
Telechat date |
|
|
|
Responsible AD |
|
(None)
|
|
Send notices to |
|
(None)
|
Network Working Group B. Greenblatt
Request for Comments: 2649 P. Richard
Category: Experimental August 1999
An LDAP Control and Schema for Holding Operation Signatures
Status of this Memo
This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
In many environments clients require the ability to validiate the
source and integrity of information provided by the directory. This
document describes an LDAP message control which allows for the
retrieval of digitally signed information. This document defines an
LDAP v3 based mechanism for signing directory operations in order to
create a secure journal of changes that have been made to each
directory entry. Both client and server based signatures are
supported. An object class for subsequent retrieval are "journal
entries" is also defined. This document specifies LDAP v3 controls
that enable this functionality. It also defines an LDAP v3 schema
that allows for subsequent browsing of the journal information.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1 Audit Trail Mechanism . . . . . . . . . . . . . . . . . . . 2
1.2. Handling the Delete Operation . . . . . . . . . . . . . . . 5
2. Signed Results Mechanism . . . . . . . . . . . . . . . . . . 6
3. Security Considerations and Other Notes . . . . . . . . . . 7
4. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
5. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 9
6. Full Copyright Statement . . . . . . . . . . . . . . . . . . 10
Greenblatt & Richard Experimental [Page 1]
RFC 2649 LDAP Control and Schema August 1999
1. Introduction
In many environments clients require the ability to validiate the
source and integrity of information provided by the directory. This
document describes an LDAP message control which allows for the
retrieval of digitally signed information. The perspective of this
document is that the origin of the information that is stored in LDAP
v3 accessible directories is the LDAP v3 client that creates the
information. The source and integrity of the information is
guaranteed by allowing for the digital signing of the operations that
make changes to entries in the directory. The source and integrity
of an individual LDAP connection can be guaranteed by making use of
an underlying session layer that provides such services, such as TLS.
Note that the integrity of an individual connection does not, in and
of itself guarantee the integrity of the data that comes across the
connection. This is due to the fact that the LDAP server is only
capable of providing information that it has stored. In distributed
and replicated environments, the fact that an entry has been
successfully retrieved from a server may not be completely
reassuring, if the entry in question was replicated from an untrusted
domain.
By making use of public key technology, and creating digitally signed
transactions that are created by the LDAP v3 client as entries are
created and modified, a complete journal of the history of the entry
is available. Since each entry in the journal has been digitally
signed with the private key of the creator, or modifier of the entry,
the source and integrity of the directory entry can be validated by
verifying the signature of each entry in the journal. Note that not
all of the journal entries will have been signed by the same user.
1.1. Audit Trail Mechanism
Signed directory operations is a straightforward application of
S/MIME technology that also leverages the extensible framework that
is provided by LDAP version 3. LDAP version 3 is defined in [4], and
S/MIME is defined in [2]. The security used in S/MIME is based in
the definitions in [1]. The basic idea is that the submitter of an
LDAP operation that changes the directory information includes an
LDAP version 3 control that includes either a signature of the
operation, or a request that the LDAP server sign the operation on
the behalf of the LDAP client. The result of the operation (in
addition to the change of the directory information), is additional
information that is attached to directory objects, that includes the
audit trail of signed operations. The LDAP control is (OID =
1.2.840.113549.6.0.0):
Greenblatt & Richard Experimental [Page 2]
RFC 2649 LDAP Control and Schema August 1999
Show full document text