Ulp. There are too many considerations going on simultanously....
1. What creds to use to chase referrals -- some are weak, some cost the target too much CPU (public key)
2. What should one do if the target charges money for a search (e.g.)
3. What's the LDAP API for, anyway.
I'm only going to address #1 in this message.
> -----Original Message-----
> From: Harald Tveit Alvestrand [mailto:Harald@Alvestrand.no]
> Sent: Wednesday, November 17, 1999 5:23 AM
>
> IF one implements the current spec as "simple credentials are
> reused", the
> result is that the right to write an operational entry
> causing a referral
> is now equivalent to the right to capture all passwords used
> in LDAP with
> referrral-chasing applications.
I'm _not_ in favor of that. (If it were up to me, simple creds would just be MUST NOT all the time and this wouldn't be such an issue.)
For this aspect of the problem I think we can figure out what the default Right Thing is. Here's a stab at it:
Security considerations dictate that referrals should be chased either anonymously, or with strong authentication protocols. (A strong authentication protocol is one that it is safe to use even to a hostile server or in the presence of eavesdroppers or active attackers.)
In that model, a client would use strong auth when chasing a referral if the server supports strong auth, otherwise chase it anonymously.
I don't think this has security issues, although the other considerations may weigh upon it.
Paul