
MORE ---comments on:draft-ietf-ldapext-sigops-01.txt

Dear all, once upon a time LDAP was promoted as Lightweight in contrast
with bad old DAP. This was wrong. In addition LDAP has got limited
functions, i.e. it's really Limited DAP. If the above document is understood,
then what is going on is this: we take the LDAP operation, make a
duplicate, take all? or part of the duplicate, sign that, put that
as MIME body parts and then put this in the Control field of the
original LDAP and send it to the server.

This is really not a "signed operation" as such but an enclosed signed
audit record as a field of the operation.

At the receiving end, the server has to get the signed LDAP operation
in the control element and store that in the entry concerned - unless
it's a delete or rename, then the zombies creep in!

However, to verify the operation in the first place the server has to
either verify the control-field signed LDAP message, throw the outer
unsigned LDAP casing away and apply the integrity checks to the signed
part, OR

it can verify the signed LDAP part against the unsigned part and, if OK,
use either one to process the operation on the directory and store the
signed control-field LDAP operation in the entry. Obviously, to verify
the signed part, the DSA has to check the signature cert in the user's
entry and the cert path - which we all know is impossible with non
distributed LDAP servers, unless the user's Cert Auth is in the same
server.

In the above, the following is possible:
the outer non-signed LDAP message can be corrupted in transit and lose
its integrity in one of the parts which is not the control-field signed
part.

So what happens now - do we have an audit record on an entry which says
it was updated with a value, but the actual value applied was corrupt?


In addition we now have LDAP requests twice as long as normal LDAP or
DAP requests.

i.e. LDAP really is becoming THE Leadweight DAP with more
inconsistencies than the number of rivets in the Sydney Harbour bridge.


Perhaps I should just keep quiet about these things because it seems
that every addition to LDAP is making it more unusable and less
scalable and less efficient and less reliable....and with less
integrity.
Perhaps there are some who want to go down that path - well, I'd rather
build commercial directory systems.

regards alan
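The consistency problem raised in the message above (a valid signed copy inside the control while the outer, unsigned operation has been altered in transit) is easiest to see in a small model. The following is an added illustration, not code from the draft or from the poster: it uses a constructed JSON wire format and an HMAC as a stand-in for the certificate signature over the MIME body parts, so none of the draft's ASN.1 or S/MIME details are represented. The names `build_signed_request` and `verify_and_apply` are hypothetical. The server-side check implements the second verification option the message describes: check the signature over the inner copy, then require that the inner copy and the outer operation agree field for field before anything is written or recorded.

```python
"""
Simplified model of an LDAP operation carrying a signed duplicate of itself
in a control, and of a server that refuses to apply (and audit) the
operation when the outer, unsigned casing no longer matches the signed copy.

Constructed example: the wire format is JSON, not the draft's encoding, and
the signature is an HMAC placeholder for a real certificate signature (whose
verification would additionally need the user's cert and a cert path).
"""
import copy
import hashlib
import hmac
import json

# Constructed demo key standing in for the user's signing credential.
USER_SIGNING_KEY = b"constructed-demo-key"


def canonical(op):
    """Deterministic serialisation so signer and verifier hash identical bytes."""
    return json.dumps(op, sort_keys=True, separators=(",", ":")).encode()


def build_signed_request(op, key=USER_SIGNING_KEY):
    """Client side: duplicate the operation, sign the duplicate, attach the
    signed duplicate as a control on the original operation."""
    body = canonical(op)
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {
        "op": copy.deepcopy(op),            # outer, unsigned casing
        "controls": {"signedOperation": {"body": body, "sig": sig}},
    }


def verify_and_apply(request, directory, key=USER_SIGNING_KEY):
    """Server side. Returns (ok, reason). Only a 'modify' is modelled.

    1. Verify the signature over the inner (signed) copy.
    2. Require the inner copy to equal the outer operation; a mismatch is
       the corrupted-casing case from the message and is rejected, so the
       stored audit record can never disagree with the value applied.
    3. Apply the change and keep the signed copy with the entry as audit.
    """
    ctrl = request.get("controls", {}).get("signedOperation")
    if ctrl is None:
        return False, "missing signedOperation control"
    expected = hmac.new(key, ctrl["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ctrl["sig"]):
        return False, "inner signature invalid"
    inner_op = json.loads(ctrl["body"])
    if inner_op != request["op"]:
        return False, "outer operation does not match signed copy"
    if inner_op.get("type") != "modify":
        return False, "unsupported operation type in this model"
    entry = directory.setdefault(inner_op["dn"], {})
    for attr, values in inner_op["changes"].items():
        entry[attr] = list(values)
    entry.setdefault("_signedOps", []).append(ctrl)
    return True, "applied"


def demo():
    """Run the honest case and the altered-casing case; return both results."""
    op = {"type": "modify", "dn": "cn=alice,o=example",
          "changes": {"mail": ["alice@example.com"]}}
    directory = {}
    good = verify_and_apply(build_signed_request(op), directory)

    # Same signed control, but the outer value was changed after signing.
    damaged = build_signed_request(op)
    damaged["op"]["changes"]["mail"] = ["corrupted@example.com"]
    bad = verify_and_apply(damaged, directory)
    return good, bad, directory


if __name__ == "__main__":
    for result in demo()[:2]:
        print(result)
```

The rejection in step 2 is the point: with only the first verification option (discard the outer casing and act on the signed part alone) the server would silently apply whatever the inner copy says, and with no comparison at all it could apply a corrupted outer value while storing a clean signed record of a different one.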