[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: C LDAP API: security considerations

To: Harald Tveit Alvestrand <Harald@Alvestrand.no>
Subject: Re: C LDAP API: security considerations
From: Mark Smith <mcs@netscape.com>
Date: Tue, 16 Nov 1999 09:41:45 -0500
Cc: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>, ietf-ldapext@netscape.com
Organization: Netscape Communications
References: <4.2.0.58.19991116044813.04d01ea0@dokka.maxware.no>
Resent-date: Tue, 16 Nov 1999 06:41:57 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"eofmF.A.xsB.s0WM4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Harald Tveit Alvestrand wrote:
> ...
> My concern is that a client should be *able* to behave in a way that is
> both non-malicious and secure; at the moment I don't think we're ready to
> standardize this, so following referrals should be done above the API layer
> that we're currently attempting to standardize.

This argues for removing all references to "automatic" referral chasing
from the C LDAP API draft.  As others have pointed out, automatic
referral chasing is under specified at present, so removing  it is a
sane thing to do.  But most clients would like an automatic option, so
if we do remove it we should tackle it in a subsequent document.

-- 
Mark Smith
iPlanet Directory Architect / Sun-Netscape Alliance
My words are my own, not my employer's.   Got LDAP?

References:
- RE: C LDAP API: security considerations
  - From: Harald Tveit Alvestrand <Harald@Alvestrand.no>

Prev by Date: RE: AuthzIDs or DNs, but not both
Next by Date: Re: AuthzIDs or DNs, but not both
Index(es):
- Chronological
- Thread