
Re: protocol: closing SASL upon Unbind



At 08:50 AM 12/8/2004, Hallvard B Furuseth wrote:
>Kurt D. Zeilenga writes:
>> (...) while I have no
>> problem with removing the ordering aspect of the current
>> text, I'd like to indicate that Unbind/Notice of Disconnect
>> are intended to affect a graceful closure.
>>
>> Hence, I suggest:
>>
>>    The client, upon transmission of the UnbindRequest, and
>>    the server, upon receipt of the UnbindRequest are to
>>    gracefully close the LDAP session by ceasing exchange
>>    at the LDAP message layer, tearing down any SASL layer,
>>    tearing down any TLS layer, and closing the transport
>>    connection.
>>
>> I note that while the 4 actions the implementation might need
>> to take are stated in the order which the implementation likely
>> would need to affect graceful closure of the LDAP session,
>> the text does not actually prescribe a particular order, nor
>> does it imply that any exchange within the SASL and/or TLS
>> layer would be necessary.
>
>It still looks like a list of actions to take to me,

It looks like an unordered list of actions to me.

>so if it is supposed to be unordered I'd prefer to swap SASL and TLS so it fits [SASL] if one does take it to be ordered. 

I don't see how switching the order fits SASL.  If one
were to take it as being ordered, the order (I think) is
generally appropriate for LDAP (as SASL is layered above
TLS).  It would not be wise to tear down TLS before SASL,
as tearing down SASL could produce additional cipher buffer
output, which should rightly be protected by TLS.  Note that
the cipher buffers I refer to could be the result of
not yet fully transferred response PDUs present at the time
the Unbind request was received.

The list of actions is presented top-down.  If we were
to switch SASL and TLS, some readers might mistakenly think
TLS is layered above SASL.  I prefer to list protocol
layers top-down (or bottom-up).

>That seems more important
>than listing it in the order which looks more graceful.
>
>
>BTW, just to have stated it publicly: I didn't quite understand your
>previous objection to "SASL and TLS layers" without comma, and as
>discussed privately I disagree with part of your previous message
>anyway, but hopefully that's irrelevant now.

My point was that we should avoid variants of defined terms
as there can be ambiguity as to whether the variant was
intended to be used in a fashion consistent with the defined
term, or used in some other fashion.

The defined terms are "SASL layer" and "TLS layer", hence
"SASL layer and TLS layer" should be used instead of
"SASL and TLS layers".

Kurt
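A constructed illustration of the teardown-order point made above, added here as an example and not code from the thread, from any LDAP implementation, or from a real SASL/TLS library: a toy three-layer stack in which the SASL layer still holds ciphered output from a not yet fully transferred response when the Unbind arrives, plus a check of what reaches the transport for a given closure order. The layer classes and the `TLS(...)`/`SASL(...)` byte markers are assumptions standing in for real record framing.

```python
# Toy model of the LDAP session stack below the message layer (constructed for
# illustration): a SASL security layer above a TLS layer above the transport.
# Closing top-down keeps flushed SASL output inside TLS; closing TLS first does not.

class Transport:
    """Bottom layer: records every byte string that reaches the wire."""
    def __init__(self):
        self.wire, self.open = [], True
    def send(self, data):
        assert self.open, "transport already closed"
        self.wire.append(data)
    def close(self):
        self.open = False

class TLSLayer:
    """Wraps output so the transport sees only protected records while open."""
    def __init__(self, transport):
        self.transport, self.open = transport, True
    def send(self, data):
        # once TLS has been torn down, data reaches the wire without protection
        self.transport.send(b"TLS(" + data + b")" if self.open else data)
    def close(self):
        self.open = False

class SASLLayer:
    """SASL security layer holding ciphered output not yet written, e.g. the
    tail of a response PDU still in flight when the UnbindRequest arrived."""
    def __init__(self, below, pending):
        self.below, self.pending = below, list(pending)
    def close(self):
        # tearing down the SASL layer flushes whatever output is still buffered
        for chunk in self.pending:
            self.below.send(b"SASL(" + chunk + b")")
        self.pending.clear()

def graceful_close(order, pending):
    """Tear the layers down in the given order; return what reached the wire."""
    transport = Transport()
    tls = TLSLayer(transport)
    sasl = SASLLayer(tls, pending)
    layers = {"sasl": sasl, "tls": tls, "transport": transport}
    for name in order:
        layers[name].close()
    return transport.wire

def unprotected_sasl_output(wire):
    """SASL output that hit the transport without a TLS wrapper around it."""
    return [w for w in wire if w.startswith(b"SASL(")]
```

Closing in the order the draft text lists (SASL, TLS, transport) leaves no unprotected SASL output; swapping SASL and TLS and reading the list as ordered does.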