RE: Policy in IETF APIs (was: Standards and APIs)




> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.Org]
> Sent: Friday, November 19, 1999 10:17 AM
> 
> However, I do not believe there is wide support for redesigning
> the LDAP C API.

There would be NO CHANGE in the API. I proposed _implementation
requirements_ that are invisible to clients.

> 
> To improve API security within the existing draft it is wise to
> state that implementations should not perform operations (such
> as chasing referrals) without application interaction.

This does not improve security -- it sweeps the need for it under the rug.

> 
> "MUST be configurable" is, in my opinion, better left
> to much higher level APIs.

What you are saying is that security is to be left to (non-existent) upper
layers. That means it won't be secure. All experience in this area supports
that contention. One of the most elementary security rules is that security
cannot be left to applications.

Paul