[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "connections" (Was: protocol-22 comments)

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: "connections" (Was: protocol-22 comments)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 12 Mar 2004 11:05:49 -0800
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <HBF.20040312gjc@bombur.uio.no>
References: <6.0.1.1.0.20040312074442.04916570@127.0.0.1> <6.0.1.1.0.20040312095443.047299b8@127.0.0.1> <HBF.20040312gjc@bombur.uio.no>

At 10:55 AM 3/12/2004, Hallvard B Furuseth wrote:
>Kurt D. Zeilenga writes:
>> I've been thinking a bit more about the different uses of "connections"
>> in the document.  It seems that "LDAP connection" is used both to
>> refer to the underlying transport connection as well as the LDAP-level
>> connection (e.g., the layer in which LDAP messages are exchanged),
>
>Can you give an example of the latter?  I can't find any.

How about the use of the term "TLS-protected LDAP connection"?
TLS is not protecting the underlying connection, it's protecting
the exchange of LDAP messages.

And, is the association really at the underlying connection or
at the LDAP exchange?

In processing a bind, the spec says "to bind on the existing
connection" when the Bind, when TLS or SASL have been establish,
certainly is done on the underlying connection.

>> and that this is causing some confusion in the specification.
>
>The definition "LDAP connection" = "underlying transport protocol
>connection" does seem confusing, the name sounds more like the LDAP-
>level connection.  As you thought it meant in your response to my
>'protocol-22 comments'.  Maybe the term should be dropped in favor of
>"connection", which is already defined to mean the same thing.
>([Protocol] section 2, [Authmeth] section 2.1.)
>
>
>BTW, I've just been trying to construct a problem with this by messing
>up the terminology: Define another service than LDAP over TCP, one which
>has a layer between the transport and the LDAP (or LDAP+TLS/SASL)
>protocol.  Then the "connection" and the "transport protocol" in the
>drafts will have to refer to that layer, not the actual transport.  Some
>language like "misdirecting the connection" in [Authmeth] will then be
>wrong, since misdirection will occur at the underlying level.  I can't
>think of a worse problem than that at the moment, but I haven't exactly
>checked all occurrences of "connections" to see if there is a problem.
>
>-- 
>Hallvard

Follow-Ups:
- Re: "connections" (Was: protocol-22 comments)
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- Re: protocol-22 comments
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- "connections" (Was: protocol-22 comments)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: "connections" (Was: protocol-22 comments)
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: "connections" (Was: protocol-22 comments)
Next by Date: TLS/DIGEST-MD5 vs. non-TCP LDAP
Index(es):
- Chronological
- Thread