MJ J wrote: > You're right, except for the fact that deploying 2 lines of new code > into production can still be a long process ;-) The phrase comes to > mind: If it ain't broken, don't fix it. You're free to decide to ignore good advice. But you have to accept that someone might point out flaws in your solution to prevent other list readers falling into the same trap. Your emotional reactions on-list and off-list are completely inappropriate. With security hat on: The sum of such loose ends make out the attack surface. Personally even after almost 20 years with LDAP I'm a dwarf standing on the shoulder of giants. And I'm still learning. In particular in the context of this discussion I'm happy that others wrote down protocol specs for improving robustness, e.g. RFC 4527 etc. Especially since I already had to track down read-after-write issues in replicated deployments with so-called enterprise software - which can take days. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature