
RE: C LDAP API: security considerations



> -----Original Message-----
> From: Harald Alvestrand [mailto:Harald@Alvestrand.no]
> Sent: Wednesday, November 10, 1999 8:06 AM
> To: Paul Leach (Exchange); Kurt D. Zeilenga
> Cc: ietf-ldapext@netscape.com
> Subject: RE: C LDAP API: security considerations
> 
> 
> At 06:23 10.11.99 -0800, Paul Leach (Exchange) wrote:
>> But if the authentication is strong, there's no reason not to
>> automatically chase referrals.

> Consider that if you're using an RSA-based mechanism for 
> authentication, 
> and the referral is to a public directory, the failed login step will 
> consume a significant number of CPU-seconds.

Actually, when I said there was no reason to not chase the referrals, I
really meant there was no _security_ related reason to not chase them. 

Secondly, I'm not sure I completely understand the scenario. I see two
interpretations:

1. If the public directory is really public, then it should not require any
authentication. As such, I believe that the SASL negotiation, which
originates at the server, would tell the client not to bother doing any
authentication work. However, one of the experts in how LDAP auth works
should make sure I'm not in left field (i.e., completely wrong). And if it
doesn't work this way, it ought to  :-)

2. If the public directory requires authentication, and allows public key
authentication, and the problem you point out existed, it would be a denial
of service problem with the implementation of the public directory. And as
such wouldn't constitute an argument against doing authenticated referrals.
It might argue that we need a way to avoid such DOS attacks in LDAP itself,
in which case your comment about more work being needed would be correct.

Paul
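The client-side choice the thread is debating (chase a referral, but only spend credentials or expensive strong-auth work on servers you trust, and cap repeated failures so an untrusted referral cannot burn CPU) can be expressed as a small policy. This is an added, hypothetical example, not code from the thread or from any LDAP library; the class name, the `trusted_hosts` allow-list and the `max_failed_auth` budget are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical client-side referral policy (assumption: not from any real LDAP API).
# For each referral URL it decides whether to chase it at all and whether to
# present credentials, so strong (e.g. RSA-based) authentication is only
# attempted against hosts the client already trusts, a bounded number of times.

@dataclass
class ReferralPolicy:
    bound_host: str                          # server the client originally bound to
    trusted_hosts: frozenset                 # hosts allowed to receive our credentials
    max_failed_auth: int = 2                 # cap on failed strong-auth attempts per host
    failed_auth: dict = field(default_factory=dict)

    def _host(self, referral_url: str) -> str:
        return (urlsplit(referral_url).hostname or "").lower()

    def decide(self, referral_url: str) -> str:
        """Return 'skip', 'anonymous' or 'authenticate' for one referral URL."""
        parts = urlsplit(referral_url)
        host = self._host(referral_url)
        # Only LDAP URLs with a host are chased at all.
        if parts.scheme not in ("ldap", "ldaps") or not host:
            return "skip"
        # Once a host has exhausted its failed-auth budget, stop paying for it.
        if self.failed_auth.get(host, 0) >= self.max_failed_auth:
            return "skip"
        # Credentials (and the CPU cost of strong auth) go only to trusted hosts.
        if host == self.bound_host.lower() or host in self.trusted_hosts:
            return "authenticate"
        # A public or unknown directory is chased without any authentication work.
        return "anonymous"

    def record_failure(self, referral_url: str) -> int:
        """Count a failed authentication against the referral's host; returns the new count."""
        host = self._host(referral_url)
        self.failed_auth[host] = self.failed_auth.get(host, 0) + 1
        return self.failed_auth[host]
```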