RFC 2649 (rfc2649) - Page 2 of 10

An LDAP Control and Schema for Holding Operation Signatures

Alternative Format: Original Text Document
< Previous
Next >
RFC 2649                LDAP Control and Schema              August 1999


1.  Introduction

   In many environments clients require the ability to validiate the
   source and integrity of information provided by the directory.  This
   document describes an LDAP message control which allows for the
   retrieval of digitally signed information.  The perspective of this
   document is that the origin of the information that is stored in LDAP
   v3 accessible directories is the LDAP v3 client that creates the
   information.  The source and integrity of the information is
   guaranteed by allowing for the digital signing of the operations that
   make changes to entries in the directory.  The source and integrity
   of an individual LDAP connection can be guaranteed by making use of
   an underlying session layer that provides such services, such as TLS.
   Note that the integrity of an individual connection does not, in and
   of itself guarantee the integrity of the data that comes across the
   connection.  This is due to the fact that the LDAP server is only
   capable of providing information that it has stored.  In distributed
   and replicated environments, the fact that an entry has been
   successfully retrieved from a server may not be completely
   reassuring, if the entry in question was replicated from an untrusted
   domain.

   By making use of public key technology, and creating digitally signed
   transactions that are created by the LDAP v3 client as entries are
   created and modified, a complete journal of the history of the entry
   is available.  Since each entry in the journal has been digitally
   signed with the private key of the creator, or modifier of the entry,
   the source and integrity of the directory entry can be validated by
   verifying the signature of each entry in the journal.  Note that not
   all of the journal entries will have been signed by the same user.

1.1.  Audit Trail Mechanism

   Signed directory operations is a straightforward application of
   S/MIME technology that also leverages the extensible framework that
   is provided by LDAP version 3.  LDAP version 3 is defined in [4], and
   S/MIME is defined in [2].  The security used in S/MIME is based in
   the definitions in [1].  The basic idea is that the submitter of an
   LDAP operation that changes the directory information includes an
   LDAP version 3 control that includes either a signature of the
   operation, or a request that the LDAP server sign the operation on
   the behalf of the LDAP client.  The result of the operation (in
   addition to the change of the directory information), is additional
   information that is attached to directory objects, that includes the
   audit trail of signed operations.  The LDAP control is (OID =
   1.2.840.113549.6.0.0):





Greenblatt & Richard          Experimental
< Previous
Next >