Re: "connections" (Was: protocol-22 comments)



Kurt D. Zeilenga writes:
>At 10:55 AM 3/12/2004, Hallvard B Furuseth wrote:
>>Kurt D. Zeilenga writes:
>>> I've been thinking a bit more about the different uses of "connections"
>>> in the document.  It seems that "LDAP connection" is used both to
>>> refer to the underlying transport connection as well as the LDAP-level
>>> connection (e.g., the layer in which LDAP messages are exchanged),
>>
>>Can you give an example of the latter?  I can't find any.
> 
> How about the use of the term "TLS-protected LDAP connection"?
> TLS is not protecting the underlying connection, it's protecting
> the exchange of LDAP messages.

True.  I suggest using "LDAP connection with TLS protection".

> And, is the association really at the underlying connection or
> at the LDAP exchange?

I can't see that it matters.  The connection and the exchange are
associated, in a 1-1 manner.  When you have one, you have the other.
And data passes through the connection, not through the association.
(At least I hope so.  If anything sends an LDAPMessage "over the
association", it should be fixed.)

> In processing a bind, the spec says "to bind on the existing
> connection" when the Bind, when TLS or SASL have been established,
> certainly is done on the underlying connection.

Again I don't see that it matters.  But actually I think this one is
correct: "To bind" is an action, not a protocol element.  The client
performs it through the interface it has to the server, in the manner
required by the interface.  And the interface is the connection.
Just as "to fetch a document over HTTP" does not imply that the
resulting document includes the HTTP header.
OTOH, "to send a bind request" over the connection would be wrong.

-- 
Hallvard