[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ;binary migration solution

To: "'Hallvard B Furuseth'" <h.b.furuseth@usit.uio.no>
Subject: RE: ;binary migration solution
From: "Steven Legg" <steven.legg@adacel.com.au>
Date: Tue, 26 Nov 2002 10:05:42 +1100
Cc: <ietf-pkix@imc.org>, <ietf-ldapbis@OpenLDAP.org>
Importance: Normal
In-reply-to: <HBF.20021121mwo0@bombur.uio.no>

Folks,

Hallvard B Furuseth wrote:
> - If a search requested an attribute with the "binary" option,
>   it is added to that attribute in the search result (if that
>   attribute is returned).

It is all well and good to propose that ";binary" be in the returned
attribute description if and only if ";binary" is in the original request
but what if the original request was for all user attributes (i.e. "*") ?
This facility is being ignored in all this discussion about ";binary".

As things stand today, we have a significant body of LDAPv3 compliant
implementations that expect to get back "userCertificate;binary" from
a request for "*". In any phased migration away from the use of ";binary",
at some point compliant directory servers will have to change from returning
userCertificate;binary to just returning userCertificate and this will
break currently conformant clients.

David Chadwick is the only one who has proposed a safe way to
effect a migration (using controls). However, since such a migration
delivers no practical benefit to conformant PKI clients (just a different
way of asking for the same thing), I think the pain of migration is
not justified.

Regards,
Steven

Follow-Ups:
- RE: ;binary migration solution
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- Re: ;binary migration solution
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Syntaxes draft on directory updates
Next by Date: Re: I-D ACTION:draft-ietf-ldapbis-models-03.txt
Index(es):
- Chronological
- Thread