[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: C LDAP API: security considerations

To: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>, "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.Org>, ietf-ldapext@netscape.com
Subject: RE: C LDAP API: security considerations
From: Bruce Greenblatt <bgreenblatt@directory-applications.com>
Date: Sun, 14 Nov 1999 19:02:21 -0800
In-reply-to: <19398D273324D3118A2B0008C7E9A569051BEA81@SIT.platinum.corp.microsoft.com>
Resent-date: Sun, 14 Nov 1999 19:07:53 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"_o0A7.A.POE._j3L4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

I agree completely with Paul!

At 11:03 PM 11/13/99 -0800, Paul Leach (Exchange) wrote:
>Suggest one plausible way in which it is possible to specify policy to an
>application to do anything with the flexibility you insist must be present.
>
>I.e., suppose the application is informed that it has been given a referral.
>When and how will it decide to chase it, and when not?
>
>Applications have no idea how to answer the above question. Neither do
>users. If there were to be a mechanism to answer that question, and a way to
>specify the policy for answering it, they should be _below_ the level of the
>LDAP API, so that use of the mechanism and enforcement of the policy would
>_not_ depend on all the applications doing the right thing, since experience
>suggests that will never happen.
>
>
>> -----Original Message-----
>> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.Org]
>> Sent: Saturday, November 13, 1999 12:37 PM
>> To: ietf-ldapext@netscape.com
>> Subject: Re: C LDAP API: security considerations
>> 
>> 
>> After some additional thought on this matter, I believe it
>> inappropriate of API implementations to chase referrals without
>> application interaction.  An API implementations should
>> not assume the application's trust in the server providing
>> the knowledge information extends to the referenced server.
>
>Why? If the application trusts the first server to give correct answers, why
>shouldn't it trust the servers to which it gives referrals?
>
>> 
>> A client application should be in direct control of which
>> servers it does or doesn't connect to.  A client application
>> should be in direct control of which request are submitted
>> to servers.  A client application should be in direct control
>> of which information is provided with each request.
>> 
>> I suggest that the default behavior of API implementations
>> should be to NOT chase referrals.  I suggest we extend
>> the API specification to provide a mechanism to allow
>> applications that wish to progress the operation to do so
>> under the application's control.  If the application fails
>> to utilize this mechanism, the API implementation should
>> not chase the referral.
>
>I suggest that the default should be to chase referrals, and that an
>application which is worried about chasing referrals should have a way to
>opt out by providing a mechanism such as you suggest.
>
>If referral chasing is not easy for applications, it won't usually be done.
>
>If referral chasing is not usually done, then the freedom of a server to
>partition its NC onto several servers with referrals to bridge them will be
>eliminated.
>
>> 
>> I also suggest that we then add a security consideration
>> to the C LDAP API I-D that encourages applications to
>> interact with users to determine if chasing is appropriate.
>
>Nonsense. Users always say "yes".
>
>Paul
>
>
>
==============================================
Bruce Greenblatt, Ph. D.
Directory Tools and Application Services, Inc.
http://www.directory-applications.com

References:
- RE: C LDAP API: security considerations
  - From: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>

Prev by Date: put money into your pocket today!
Next by Date: puts money into your pocket!
Index(es):
- Chronological
- Thread