
RE: I-Draft on signed operations



Agree with Steve here. There is a bit more to signed ops than just the
stacks - it's the operational control in the server, etc.
Our free DAP stack source code offer is still open to those who want to
sign an NDA. However, the changes for signed stuff will require a
parameterised type ASN.1 compiler (unless one wants to craft signed ops)
which we can provide for a modest cost.

regards alan


> -----Original Message-----
> From:	Steve Kille [SMTP:S.Kille@isode.com]
> Sent:	Sunday, April 05, 1998 10:10 AM
> To:	Vesna Hassler
> Cc:	ldap@umich.edu; ietf-ldapext@netscape.com
> Subject:	Re: I-Draft on signed operations
> 
> Vesna,
> 
> Thanks for this draft.   I believe that adding "native" signed
> operations to LDAP is not worth the effort.   I think that if you
> want to do signed operations, use of X.500 DAP is the right way to go.
> If you REALLY hate the OSI stack that much, an approach such as the
> one taken in the US Navy/NSA sldap project, which essentially used
> LDAP to frame DAP PDUs is the best option.
> 
> Reasons I say this:
> 
> 1) Currently LDAP and X.500 are pretty much compatible, and users can
> mix them as they need.  If you introduce LDAP signed operations, this
> is adding a fundamental incompatibility.
> 
> 2) Because of the complexity of the ASN.1 for signing, you are going
> to run into problems with LBER (this has already been pointed out).
> 
> 3) This is adding a lot of ASN.1 handling.   When you have this much
> ASN.1, it is easier to work with X.500 DAP than with LDAP.  
> 
> 
> Steve Kille