
Re: LDAP Extension Style Guide, re interaction between controls



At 04:52 PM 8/27/00 +0100, David Chadwick wrote:
>Date sent:              Wed, 23 Aug 2000 09:58:11 -0700
>To:                     d.w.chadwick@salford.ac.uk
>From:                   "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
>
>> I suggest ignore both under the general principle of least
>> astonishment.  I suggest:
>> 
>> An operation may be extended by one or more controls.  If the
>> combination of controls is unrecognized, undefined, or the
>> server is otherwise unwilling to perform the operation as
>> extended by the sequence of provided controls,
>>   if any of the controls are marked critical, the server
>>   SHALL return unavailableCriticalExtension,
>
>I don't like this. Under the principle of "the server should do its best 
>to provide a useful service", it should obey the known critical 
>extension and ignore the non-critical ones.

I go back and forth on this issue.  I guess if the client wants
to ensure that the server fully recognizes the combination of
controls, the client should mark each of the controls as critical.

So, basically, the server must ignore non-critical extensions
which don't make sense in the context of the operation.

If the operation has recognized and supported controls A, B and C,
where A is critical, B and C are non-critical, the semantics of A+B and
A+C are defined, and the semantics of A+B+C are not defined (or
explicitly defined as invalid), then the server may perform either:
        A, A+B, or A+C.

>This was the suggested text that I sent to PKIX list that 
>unfortunately you did not receive (see below)

I do recall seeing that (directly, I'm not subscribed to the
PKIX list)...  I'll chat with you off line (if our MTAs will
cooperate).
        Kurt
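
The rule discussed in this message, as an added example that is not part of the original post or of any LDAP server's code: every critical control must be honoured, and non-critical controls are dropped until a combination with defined semantics remains. The `DEFINED` table, the function name, and the policy of keeping as many non-critical controls as possible (ties broken by request order) are assumptions; the message allows any of A, A+B or A+C.

```python
from itertools import combinations

UNAVAILABLE_CRITICAL_EXTENSION = "unavailableCriticalExtension"

# Constructed sample: combinations whose semantics this hypothetical server
# defines for one operation. A+B+C is deliberately absent (undefined/invalid).
DEFINED = {
    frozenset({"A"}), frozenset({"B"}), frozenset({"C"}),
    frozenset({"A", "B"}), frozenset({"A", "C"}),
}


def resolve_controls(request, defined=DEFINED):
    """Decide which controls to apply to an operation.

    request: list of (control_name, is_critical) in the order the client sent.
    Returns ("proceed", [controls applied]) or
            (UNAVAILABLE_CRITICAL_EXTENSION, []).
    """
    order = [name for name, _ in request]
    critical = frozenset(name for name, crit in request if crit)
    optional = [name for name, crit in request if not crit]

    # Drop as few non-critical controls as possible: try all of them first,
    # then every smaller subset, earliest-sent controls preferred.
    for keep in range(len(optional), -1, -1):
        for subset in combinations(optional, keep):
            candidate = critical | frozenset(subset)
            # The empty set means "perform the plain operation".
            if not candidate or candidate in defined:
                return "proceed", [n for n in order if n in candidate]

    # No defined combination contains every critical control, so the
    # operation must be refused rather than silently weakened.
    return UNAVAILABLE_CRITICAL_EXTENSION, []


if __name__ == "__main__":
    # A critical, B and C non-critical: A+B+C is undefined, so C is ignored.
    print(resolve_controls([("A", True), ("B", False), ("C", False)]))
    # Client marks every control critical to insist on the full combination.
    print(resolve_controls([("A", True), ("B", True), ("C", True)]))
    # Unrecognized control X: ignored if non-critical, fatal if critical.
    print(resolve_controls([("A", True), ("X", False)]))
    print(resolve_controls([("A", False), ("X", True)]))
```
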