Re: [Models] An attribute value should be equal to self

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

Steven Legg <steven.legg@eb2bcom.com>
> I will have to review that discussion yet again soon...
>
> It was a short thread:
> http://www.openldap.org/lists/ietf-ldapbis/200411/msg00190.html

Ah, thanks.

Kurt D. Zeilenga writes:
>At 05:20 PM 3/7/2005, Steven Legg wrote:
>> I dislike it too. I would prefer that LDAPprep removes troublesome
>> characters instead of failing.

I'm not sure that is right; it might be better to translate them to some
otherwise unused character or leave them alone or something.  Or let
EQUALITY match use a fallback which does not do LDAPprep if LDAPprep
fails, like Rici suggested.

> It is not clear to me that X.500 requires for every equality
> matching rule R and every value X of the applicable attribute
> value syntax that:
>         R( X, X ) == TRUE
>
> In absence of a guarantee that R( X, X) is always TRUE,
> the [Models] statement in necessary.

Necessary for what?

In view of the above thread, security is the only remaining argument
I remember which I buy for letting LDAPprep fail AND letting mess up
everything else, and that's because I do not know Unicode nearly well
enough to judge the security issues.

-- 
Hallvard