
Comments on draft-ietf-ldapext-ldapv3-tls-01.txt



While I don't have any "showstoppers", I do have
two comments for clarity.

Ryan Moats

=======

>When a Start TLS extended request is made, the server MUST return an
>LDAP PDU containing a Start TLS extended response.  An LDAP Exten-
>dedResponse is defined as follows:
>
>     ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
>             responseName            [0] LDAPOID OPTIONAL,
>             response                [1] OCTET STRING OPTIONAL,
>             standardResponse        [2] LDAPResult }
>
>A Start TLS extended response MUST contain a responseName field which
>MUST be set to the same string as that present in the Start TLS extended
>request. The response field is absent. The server MUST set the
>resultCode of the standardResponse field to either success or one of the
>other values outlined in section 3.3.

It took me two or three readings to realize that the "same string" referred
to the requestName from the extended request, but I'm still not clear if that's
the case.  More clarity in the last paragraph would help (IMHO)
implementation.

>The result of violating any of these requirements is described above in
>section 3.3.

Again, just for clarity, it might be better to actually say what the error
code returned is while referring to section 3.3 (saves the reader from going
back)
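Added example (not part of Ryan's message or of the draft): a client-side check that implements the requirements quoted above, i.e. that the Start TLS extended response carries a responseName equal to the requestName the client sent, has no response field, and reports success before the client begins the TLS handshake on the connection. The BER layout follows the draft text quoted in the message (responseName [0], response [1], standardResponse [2]); note that RFC 2251 lays ExtendedResponse out differently (COMPONENTS OF LDAPResult, tags [10] and [11]), so this encoder is not interoperable with RFC-conformant servers. The Start TLS OID value is the one RFC 2830 assigns and is not on this page; the messageID check is the usual LDAPMessage rule, added here as an assumption. BER encoding and decoding are hand-rolled so the example runs offline with no dependencies.

```python
# Added example, not the draft's or the mailing-list author's code.
# Layout of ExtendedResponse follows the draft quoted above; tag values and the
# Start TLS OID are assumptions (OID value taken from RFC 2830).
START_TLS_OID = "1.3.6.1.4.1.1466.20037"
TAG_LDAPMESSAGE = 0x30          # UNIVERSAL SEQUENCE
TAG_INTEGER = 0x02
TAG_ENUMERATED = 0x0A
TAG_OCTET_STRING = 0x04
TAG_EXTENDED_RESPONSE = 0x78    # [APPLICATION 24], constructed
TAG_RESPONSE_NAME = 0x80        # [0] LDAPOID, primitive
TAG_RESPONSE = 0x81             # [1] OCTET STRING, primitive
TAG_STANDARD_RESPONSE = 0xA2    # [2] LDAPResult, constructed
RESULT_SUCCESS = 0


def ber_length(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_int(n: int) -> bytes:
    """Minimal two's-complement content octets for a non-negative INTEGER/ENUMERATED."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(content)) + content


def parse_tlvs(data: bytes) -> list:
    """Split BER into (tag, content) pairs; raise ValueError on truncation."""
    out, i = [], 0
    while i < len(data):
        if i + 1 >= len(data):
            raise ValueError("truncated TLV header")
        tag, first = data[i], data[i + 1]
        if first < 0x80:
            length, i = first, i + 2
        else:
            n = first & 0x7F
            if i + 2 + n > len(data):
                raise ValueError("truncated long-form length")
            length = int.from_bytes(data[i + 2:i + 2 + n], "big")
            i += 2 + n
        if i + length > len(data):
            raise ValueError("TLV content runs past end of data")
        out.append((tag, data[i:i + length]))
        i += length
    return out


def encode_start_tls_response(message_id: int, result_code: int,
                              response_name: str = START_TLS_OID,
                              response: bytes = None) -> bytes:
    """Server side: LDAPMessage carrying a Start TLS extended response.
    `response` is only there so a non-conforming PDU can be built for testing."""
    ldap_result = (tlv(TAG_ENUMERATED, ber_int(result_code))
                   + tlv(TAG_OCTET_STRING, b"")     # matchedDN, empty
                   + tlv(TAG_OCTET_STRING, b""))    # errorMessage, empty
    body = tlv(TAG_RESPONSE_NAME, response_name.encode("ascii"))
    if response is not None:
        body += tlv(TAG_RESPONSE, response)
    body += tlv(TAG_STANDARD_RESPONSE, ldap_result)
    return tlv(TAG_LDAPMESSAGE,
               tlv(TAG_INTEGER, ber_int(message_id))
               + tlv(TAG_EXTENDED_RESPONSE, body))


def check_start_tls_response(pdu: bytes, request_message_id: int,
                             request_name: str = START_TLS_OID) -> tuple:
    """Client side: (ok, reason). Start the TLS handshake only when ok is True."""
    try:
        top = parse_tlvs(pdu)
        if len(top) != 1 or top[0][0] != TAG_LDAPMESSAGE:
            return False, "not a single LDAPMessage"
        fields = parse_tlvs(top[0][1])
        if len(fields) < 2 or fields[0][0] != TAG_INTEGER:
            return False, "LDAPMessage lacks messageID or protocolOp"
        if int.from_bytes(fields[0][1], "big", signed=True) != request_message_id:
            return False, "messageID does not match the Start TLS request"
        op_tag, op_body = fields[1]
        if op_tag != TAG_EXTENDED_RESPONSE:
            return False, "protocolOp is not an ExtendedResponse"
        parts = dict(parse_tlvs(op_body))
        if TAG_RESPONSE_NAME not in parts:
            return False, "responseName absent"
        if parts[TAG_RESPONSE_NAME].decode("ascii", "replace") != request_name:
            return False, "responseName does not match the request's requestName"
        if TAG_RESPONSE in parts:
            return False, "response field present but MUST be absent"
        if TAG_STANDARD_RESPONSE not in parts:
            return False, "standardResponse absent"
        result = parse_tlvs(parts[TAG_STANDARD_RESPONSE])
        if not result or result[0][0] != TAG_ENUMERATED:
            return False, "LDAPResult lacks resultCode"
        code = int.from_bytes(result[0][1], "big", signed=True)
        if code != RESULT_SUCCESS:
            return False, f"server refused Start TLS, resultCode {code}"
        return True, "ok"
    except ValueError:
        return False, "malformed BER"


if __name__ == "__main__":
    pdu = encode_start_tls_response(1, RESULT_SUCCESS)
    print(pdu.hex(), check_start_tls_response(pdu, 1))
```

The point of the checks is the one Ryan raises: a client that does not compare responseName against its own requestName, or that ignores a non-success resultCode, may start negotiating TLS on a connection the server never agreed to protect; returning a reason string makes the failing requirement visible in client logs.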