
Re: draft-ietf-ldapbis-syntaxes-02: oid = descr / numericoid



At 08:45 AM 2002-09-01, Michael Ströder wrote:
>Kurt D. Zeilenga wrote:
>>I note that these productions have been moved to
>>draft-ietf-ldapbis-models, Section 1.3 (Common
>>Productions).
>
>Same issue in draft-ietf-ldapbis-models-02:

Most certainly.  The issue is LDAP wide.  My comment was
to note that [ldapbis-models] now defines the <oid>
production and states the base implementation requirements
associated with it.

I believe that LDAP use of short names as aliases for
OIDs is fundamentally flawed and is the root cause of
multiple interoperability and security problems.  You've
also noted that reliance on subschema discovery is
quite problematic; I agree.  Aside from being difficult
to implement, there are numerous cases where subschema
discovery cannot be used to disambiguate short names.
For example, subschema is useless for disambiguating
short names in DNs.

In regard to your specific suggestion to resolve the
problems, I note that one might as well eliminate the <descr>
choice as prefer <numericoid> over <descr>...

Kurt
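
The short-name ambiguity discussed in this message, as an added example that is not part of the original message or of any draft. It assumes the <oid> grammar as later published in RFC 4512, Section 1.4, a simplified DN splitter with no escaped characters, and two constructed name tables in which the hypothetical short name `dept` maps to different OIDs under the 2.999 example arc.

```python
import re

# ABNF as published in RFC 4512 Section 1.4 (successor of [ldapbis-models]):
#   oid        = descr / numericoid
#   numericoid = number 1*( DOT number )   ; number has no leading zeros
#   descr      = ALPHA *( ALPHA / DIGIT / HYPHEN )
NUMERICOID = re.compile(r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+")
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

def classify_oid(token):
    """Return 'numericoid' or 'descr' for an <oid> token, else raise ValueError."""
    if NUMERICOID.fullmatch(token):
        return "numericoid"
    if DESCR.fullmatch(token):
        return "descr"
    raise ValueError(f"not an <oid>: {token!r}")

def resolve(token, schema):
    """Map an <oid> token to a numeric OID; None if the short name is unknown."""
    if classify_oid(token) == "numericoid":
        return token                      # numeric form needs no name table
    return schema.get(token.lower())      # short names compare case-insensitively

def attribute_types(dn):
    """Attribute types named in a DN.
    Assumption: values contain no escaped ',' or '+' (simplified splitter)."""
    return [ava.split("=", 1)[0].strip()
            for rdn in dn.split(",") for ava in rdn.split("+")]

def ambiguous_types(dn, schema_a, schema_b):
    """Attribute types in dn that the two parties resolve to different OIDs."""
    return [t for t in attribute_types(dn)
            if resolve(t, schema_a) != resolve(t, schema_b)]

# Constructed name tables for two parties. 'cn' is the standard 2.5.4.3;
# 'dept' is a hypothetical short name bound to different example OIDs.
SERVER_A = {"cn": "2.5.4.3", "dept": "2.999.1.1"}
SERVER_B = {"cn": "2.5.4.3", "dept": "2.999.2.7"}

if __name__ == "__main__":
    for dn in ("cn=Alice,dept=Payroll", "2.5.4.3=Alice,2.999.1.1=Payroll"):
        diff = ambiguous_types(dn, SERVER_A, SERVER_B)
        print(dn, "->", diff or "same OIDs on both sides")
```

The DN string itself carries no schema context, so only the numeric form yields the same attribute types for both parties.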