On Thu, Mar 31, 2022 at 04:29:04 -0000, [email protected] wrote:
> Quanah Gibson-Mount wrote:
> > So from that standpoint, I'd personally prefer to see ldaps:/// qualified
> > in an RFC so the standardization argument goes away and ldaps be noted as
> > the preferred method for sites that require encryption.
>
> I agree there is no technical reason LDAPS would not be better. It should be
> made standard.
There are technical reasons in fact: STARTTLS has (had) implementation issues both on the client and server side: https://nostarttls.secvuln.info/ Not necessarily in OpenLDAP, but it illustrates why, in general, protocols wrapped in TLS are now preferred over STARTTLS. (See also RFC8314 for e-mail protocols.)

Geert
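The class of STARTTLS implementation issue the linked research is about is easiest to see in a toy model. The following is an added example, not OpenLDAP code and not part of the thread: a minimal line-based server that accepts a STARTTLS command. The only thing it models is the read buffer across the protocol upgrade, which is the assumption behind the example: if the server keeps bytes that arrived in plaintext alongside the STARTTLS command and later processes them as if they had come through the encrypted channel, the plaintext/TLS boundary is lost. The hardened variant discards the buffer at the upgrade; a protocol wrapped in TLS from the first byte (ldaps) has no such boundary to get wrong. Command names are made up for the toy protocol.

```python
# Toy STARTTLS-style server, added here to illustrate the buffer-across-upgrade
# pitfall (an assumption of this example, not a description of any real server).

class ToyServer:
    def __init__(self, flush_on_upgrade: bool):
        # flush_on_upgrade=True models the hardened behaviour
        self.flush_on_upgrade = flush_on_upgrade
        self.buf = b""       # bytes read from the socket but not yet processed
        self.tls = False     # whether the TLS handshake has completed
        self.log = []        # what the server did, for inspection

    def feed(self, data: bytes) -> None:
        """Process newline-terminated commands from the (simulated) socket."""
        self.buf += data
        while b"\n" in self.buf:
            line, _, self.buf = self.buf.partition(b"\n")
            cmd = line.strip().decode("ascii", errors="replace")
            if cmd.upper() == "STARTTLS":
                # A real server performs the TLS handshake here. The security
                # relevant step is what happens to self.buf at this point.
                self.tls = True
                self.log.append("upgrade")
                if self.flush_on_upgrade:
                    # Hardened: anything read in plaintext together with
                    # STARTTLS is not trusted as post-handshake data.
                    self.buf = b""
            else:
                # Record whether the command is treated as plaintext or TLS.
                self.log.append(("tls" if self.tls else "plain", cmd))


def simulate(flush_on_upgrade: bool):
    """Constructed session: the first chunk is plaintext on the wire, the second
    chunk represents data the client sends after the TLS handshake."""
    srv = ToyServer(flush_on_upgrade)
    # Plaintext chunk: STARTTLS plus a trailing command in the same read.
    srv.feed(b"STARTTLS\nSEARCH cn=secret\n")
    # Data that arrives after the handshake, i.e. genuinely inside TLS.
    srv.feed(b"BIND uid=alice\n")
    return srv.log


if __name__ == "__main__":
    print("unflushed:", simulate(False))
    print("flushed:  ", simulate(True))
```

With `flush_on_upgrade=False` the log shows the plaintext "SEARCH" command labelled as if it had arrived under TLS; with `flush_on_upgrade=True` only the command sent after the handshake is processed. The general point for operators is the one made in the message: a wrapped protocol such as ldaps removes this class of state-machine mistake entirely, whereas STARTTLS depends on every implementation handling the upgrade correctly.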
