
RE: Attribute Name Length Bounds



Or that they think there needs to be more discussion...

Chris Apple - Principal Architect

DSI Consulting, Inc.

mailto:capple@dsi-consulting.net

http://www.dsi-consulting.com

-----Original Message-----
From: owner-ietf-ldapbis@OpenLDAP.org
[mailto:owner-ietf-ldapbis@OpenLDAP.org] On Behalf Of Chris Apple
Sent: Tuesday, June 24, 2003 2:50 PM
To: 'Jim Sermersheim'; ietf-ldapbis@OpenLDAP.org
Subject: RE: Attribute Name Length Bounds


I think that's a consensus judgment call that
the Co-Chairs need to make based on the discussion
so far...

Chris Apple - Principal Architect

DSI Consulting, Inc.

mailto:capple@dsi-consulting.net

http://www.dsi-consulting.com

-----Original Message-----
From: owner-ietf-ldapbis@OpenLDAP.org
[mailto:owner-ietf-ldapbis@OpenLDAP.org] On Behalf Of Jim Sermersheim
Sent: Monday, June 23, 2003 2:17 PM
To: ietf-ldapbis@OpenLDAP.org
Subject: RE: Attribute Name Length Bounds


Can we answer the question:

Does any work need to happen to the LDAP TS to address this particular
issue? 

Any suggested changes I've heard so far have worried me for one reason
or another.

Jim

>>> "Ramsay, Ron" <Ron.Ramsay@ca.com> 6/19/03 9:59:36 PM >>>
This is a silly suggestion, of course every octet in a PDU is
significant. If this was an ellipsis for "every octet of every attribute
description in a PDU is significant" then it is inappropriate - it is
not an ASN.1 issue, it is an application issue.

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org] 
Sent: Friday, 20 June 2003 13:02
To: Howard Chu
Cc: ietf-ldapbis@OpenLDAP.org 
Subject: RE: Attribute Name Length Bounds


At 08:29 PM 6/17/2003, Howard Chu wrote:
>> The point is that the possibility of interpreting
>> the specs in this way already set us up for deployment
>> issues related to several published schema with attribute
>> names on the longer side of what might have been considered
>> typical a few years ago.
>
>If the server rejects overly-long names with an error message, fine, but your
>message implied that it silently ignored the characters comprising the excess
>length in the name. If it seems that the spec is ambiguous about the
>significance of characters in a short name, perhaps it would be sufficient to
>state in the spec "all of the characters in an attribute name are
>significant.

One could argue that the TS should be clarified to say:
  All bits of every octet of the PDU are significant unless stated
  otherwise.

However, I think this is basically already said in X.680/X.690. But,
I don't see much harm in restating this in [Protocol] (even though I think
it a bit redundant and quite obvious).

I, however, think we should avoid per field statements (except for the
otherwise cases).

>If an attribute name is presented that exceeds a server's
>implementation limits, the server MUST fail the request with an error
>code."

That would be, in general, a bad thing.  Servers should treat attribute type
names they don't recognize as unrecognized attribute types and many of these
cases don't result in an error being returned.

Kurt
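
The two server behaviours contrasted in this thread, as an added example that is not part of any message or of any server's code: a lookup that silently drops octets past an implementation limit, next to one that treats every octet of the attribute description as significant and reports unknown names as unrecognized. The limit, schema entry, OID and function names are constructed for illustration.

```python
# Added illustration: the limit, schema entry and OID below are constructed.
NAME_LIMIT = 32  # hypothetical server limit on attribute name length

# Constructed schema with one long attribute name (placeholder OID).
SCHEMA = {"organizationalunitpreferreddisplayname": "1.3.6.1.4.1.99999.1"}


def decode_ldap_string(tlv: bytes) -> str:
    """Decode one BER OCTET STRING (LDAPString) and return its full content."""
    if len(tlv) < 2 or tlv[0] != 0x04:
        raise ValueError("not an OCTET STRING")
    length, offset = tlv[1], 2
    if length & 0x80:  # long-form length: low 7 bits give the octet count
        count = length & 0x7F
        if count == 0 or len(tlv) < 2 + count:
            raise ValueError("bad length octets")
        length = int.from_bytes(tlv[2:2 + count], "big")
        offset = 2 + count
    if offset + length != len(tlv):
        raise ValueError("length does not match content")
    return tlv[offset:].decode("utf-8")


def encode_ldap_string(name: str) -> bytes:
    """Encode a short (under 128 octets) name as a BER OCTET STRING."""
    data = name.encode("utf-8")
    if len(data) >= 0x80:
        raise ValueError("helper only handles short-form lengths")
    return bytes([0x04, len(data)]) + data


def lookup_truncating(tlv: bytes):
    """Flawed: ignores octets past NAME_LIMIT, so distinct names alias."""
    name = decode_ldap_string(tlv).lower()[:NAME_LIMIT]
    for known, oid in SCHEMA.items():
        if known[:NAME_LIMIT] == name:
            return oid
    return None


def lookup_full(tlv: bytes):
    """Every octet is significant; an unknown name is simply unrecognized."""
    return SCHEMA.get(decode_ldap_string(tlv).lower())
```
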