
Re: "connections" (Was: protocol-22 comments)



Kurt D. Zeilenga writes:
>At 11:48 AM 4/17/2004, Hallvard B Furuseth wrote:
>>Kurt D. Zeilenga writes:
>>> I suggest:
>>>    "stream" to refer to the underlying transport layer.
>>>    "connection" to the LDAP layer (where LDAP PDUs are exchanged)
>>>         (and used without regard to whether protective-layers are
>>>         or are not in place).
>>
>>I thought "connection" usually meant something close to what you call
>>"stream". E.g. to "close the connection" means that the communication
>>is torn down completely.
> 
>>How about "connection" for your "stream", and "LDAP <layer? stream?>"
>>for your "connection"?
> 
> I did consider that, but while "connection" could easily
> refer to either level of communication, the term "stream"
> seemed not to apply well at the LDAP level.

Heh.  If you swapped "connection" and "stream" in that statement, I
would agree completely:-)  About the stream, maybe you think physical
stream and I data stream.  I must admit that I'm no expert at
networking and networking terms, though.

Anyway, "LDAP layer" seems to work anyway - fits nicely with the
TLS and SASL layers.

Also, we still need a term for "dropping/closing" the connection,
and I think that should refer to your "stream" layer.

>>>    "protective layer" to refer to either a TLS or SASL layer
>>
>> Or e.g. IPsec, I hope.
> 
> No.  While IPsec offers data security services, those services
> are below the transport (and hence not factored into these
> terms).  Here I am using "protective layer" to refer to those
> kinds of data security services which can be inserted, as a
> layer, between the LDAP exchange of messages and the underlying
> transport protocol.

OK, but then that should be clarified explicitly in the definition.
Though I kind of hope we won't need the term.
Perhaps "protective LDAP layer" is better, as a reminder that the layer
is part of the LDAP specification.  (BTW, I'm not sure if it would be
right to say SASL and TLS are part of the LDAP protocol or not?)

How about layers invoked by LDAP extensions, similar to StartTLS?

>>Since you say:
>>>    "unprotected connection" to refer to a connection not
>>>         protected by a protective layer
> 
> I define the term "unprotected connection" without consideration
> to whether the underlying transport is protected.  That is,
> I exclude (in the terms, not in practice) protections that
> might be offered at any layer in or below the underlying
> transport protocol.  Such, while it could be useful, is not
> an integral part of LDAP.

Then it's misleading to call it "unprotected".  Unless someone
comes up with a better term, maybe it's best to spell out
"<connection/stream/whatever> with no protective (LDAP) layer".

-- 
Hallvard