[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AW: LDAP Certificate transfer syntax

To: ietf-ldapbis@OpenLDAP.org
Subject: Re: AW: LDAP Certificate transfer syntax
From: Peter Bachman <peterb@cequs.com>
Date: Tue, 09 Apr 2002 15:57:58 -0400
Organization: Cequs Inc.
References: <5.1.0.14.0.20020409105853.02615830@127.0.0.1>
User-agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:0.9.9) Gecko/20020311

Kurt D. Zeilenga wrote:

At 10:44 AM 2002-04-09, Fantou Patrick wrote:

I am not sure this discussion really brings us further.

I think this discussion is bringing us further along.  It has,
at least, boiled down this particular debate to one issue:
   whether or not ;binary is required when the binary
   encoding of a value is transferred in the protocol.


Nicely put.

Perhaps there is a scoping problem with the requirements, and ;binary is either a good candidate to act as a proxy for those more general transfer requirements, or is a special use case which can't be neatly generalized to the other issues in the state machine, and thus could be disposed with in a specific fashion.

This would relate to Fantou's comment that there is "no choice with attributes like certificates", which to me would indicate that decision to encode in a particular way has dependencies outside the scope of the protocol, one of which is accepted practice.

If the following snnipet from RFC 2251 is true, then the core requirement or value behind ;options is not to facilitate interoperability, but to allow for flexibility, where agreement may not be forthcoming, with the understanding that community of "conforming" participants may need to negotiate for their own compatibility.

> Any option could be associated with any AttributeType, although not
>    all combinations may be supported by a server.

This of course adds to potential network overhead for negotiation by the implementors. If something breaks, which I remember happening with PPP and C023, the recourse is to go back to the state machine, and see what required message was not sent or replied to. But as Kurt said, is it required? There is a brokenness that comes from failing to ack, a brokeness that comes from making a requirement that does not belong, but a brokeness that comes from not implementing to an actual valid requirement is a change management issue.

If the client can probe the server with * and get back the actual supported AttributeTypes, why can't it decide what to do? What am I missing here? A defined "example" for an "option" would have to get some legs to be a requirement.

-pb

References:
- Re: AW: LDAP Certificate transfer syntax
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: AW: LDAP Certificate transfer syntax
Next by Date: RE: AW: LDAP Certificate transfer syntax
Index(es):
- Chronological
- Thread