
Re: C LDAP API: security considerations



After some additional thought on this matter, I believe it
inappropriate of API implementations to chase referrals without
application interaction.  An API implementations should
not assume the application's trust in the server providing
the knowledge information extends to the referenced server.

A client application should be in direct control of which
servers it does or doesn't connect to.  A client application
should be in direct control of which requests are submitted
to servers.  A client application should be in direct control
of which information is provided with each request.

I suggest that the default behavior of API implementations
should be to NOT chase referrals.  I suggest we extend
the API specification to provide a mechanism to allow
applications that wish to progress the operation to do so
under the application's control.  If the application fails
to utilize this mechanism, the API implementation should
not chase the referral.

I also suggest that we then add a security consideration
to the C LDAP API I-D that encourages applications to
interact with users to determine if chasing is appropriate.

I also believe it wise to review the security considerations
of RFC2251 in the area of knowledge information trust.

Kurt
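Added example (not part of Kurt's message, nor code from the C LDAP API draft): a Python sketch of the application-side control the post argues for, with the library's automatic chasing assumed to be off (in OpenLDAP's libldap that is ldap_set_option with LDAP_OPT_REFERRALS set to LDAP_OPT_OFF, a real option the post itself does not name). The application takes the LDAP URLs from a referral result, parses them in their RFC 4516 form, and decides per server whether to connect, whether its bind credentials may go along, and whether to ask the user; the host names, the policy class and the sample URLs are all constructed for this illustration.

```python
"""Application-controlled referral handling (illustrative, assumes chasing is disabled in the library)."""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional
from urllib.parse import unquote, urlsplit

# Constructed sample input: the URLs a server might return in a referral result
# (RFC 4516 form ldap://host:port/dn?attrs?scope?filter). None of these are real servers.
SAMPLE_REFERRAL_URLS = [
    "ldap://ldap-2.example.com/ou=People,dc=example,dc=com",
    "ldaps://ldap-3.example.com:636/ou=People,dc=example,dc=com??sub",
    "ldaps://ldap-elsewhere.example.net/dc=example,dc=com",
]

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


@dataclass
class LdapUrl:
    scheme: str
    host: str
    port: int
    dn: str
    attrs: List[str]
    scope: str
    filter: str


def parse_ldap_url(url: str) -> LdapUrl:
    """Split an RFC 4516 LDAP URL into its parts; raises ValueError on anything else."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")
    if not parts.hostname:
        raise ValueError(f"referral URL without a host: {url!r}")
    # After the DN the URL is '?'-separated: attrs?scope?filter?extensions.
    # A '?' inside a filter is percent-encoded, so a plain split is correct.
    fields = parts.query.split("?")
    fields += [""] * (3 - len(fields))
    return LdapUrl(
        scheme=parts.scheme,
        host=parts.hostname.lower(),
        port=parts.port or DEFAULT_PORTS[parts.scheme],
        dn=unquote(parts.path.lstrip("/")),
        attrs=[a for a in fields[0].split(",") if a],
        scope=fields[1] or "base",
        filter=unquote(fields[2]) or "(objectClass=*)",
    )


@dataclass
class Decision:
    follow: bool
    reason: str
    target: Optional[LdapUrl] = None
    send_credentials: bool = False  # whether our bind credentials may be presented


@dataclass
class ReferralPolicy:
    """The application's own rules: trust in the referring server does not extend to the referenced one."""
    trusted_hosts: frozenset                       # servers we are willing to connect to at all
    credential_hosts: frozenset = frozenset()      # subset that may see our bind credentials
    require_tls: bool = True                       # refuse plaintext ldap:// referrals
    max_hops: int = 3                              # bound referral chains and loops
    confirm: Callable[[LdapUrl], bool] = lambda u: False  # user-interaction hook; default answer is "no"

    def decide(self, url: str, hop: int = 0) -> Decision:
        if hop >= self.max_hops:
            return Decision(False, f"referral hop limit {self.max_hops} reached")
        try:
            target = parse_ldap_url(url)
        except ValueError as exc:
            return Decision(False, str(exc))
        if self.require_tls and target.scheme != "ldaps":
            return Decision(False, f"{target.host}: plaintext referral refused", target)
        if target.host not in self.trusted_hosts and not self.confirm(target):
            return Decision(False, f"{target.host}: not a trusted server and not confirmed", target)
        return Decision(True, f"{target.host}:{target.port}: follow", target,
                        send_credentials=target.host in self.credential_hosts)

    def triage(self, urls: Iterable[str], hop: int = 0) -> List[Decision]:
        """One decision per URL in a referral result; the caller connects only where follow is True."""
        return [self.decide(u, hop) for u in urls]


def demo() -> List[Decision]:
    policy = ReferralPolicy(
        trusted_hosts=frozenset({"ldap-1.example.com", "ldap-2.example.com", "ldap-3.example.com"}),
        credential_hosts=frozenset({"ldap-1.example.com"}),
    )
    return policy.triage(SAMPLE_REFERRAL_URLS)


if __name__ == "__main__":
    for d in demo():
        print("FOLLOW" if d.follow else "REFUSE", d.reason,
              "(anonymous bind)" if d.follow and not d.send_credentials else "")
```

With the sample input the plaintext referral to ldap-2 is refused even though the host is trusted, the ldaps referral to ldap-3 is followed but without credentials, and the unknown host is refused because the confirm hook defaults to "no"; an interactive client would replace that hook with a prompt, which is the user interaction the post asks the security considerations to encourage.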