[Date Prev][Date Next] [Chronological] [Thread] [Top]

Get rid of "suggested minimum upper bound"



HI!

Inspired by some discussion on ldap@umich.edu I will try to raise the discussion about the "suggested minimum upper bound" here.

Mainly because I believe any upper bound which is not mandantory is useless for implementations and should be removed from the standard.

If anyone considers some kind of upper bounds to contain valuable information for e.g. secure an implementation against DoS attacks we should discuss how to provide a mechanism for specifying a mandantory upper bound (hard limit) in a separate discussion thread.

Kurt D. Zeilenga wrote:
> At 03:34 PM 2002-03-07, Jim Willeke wrote:
>
>>
>>Now, exactly what is a "suggested minimum upper bound" ?
>>
>
> It suggests that implementations support at least that size.
> Servers may support larger sizes (many servers don't place
> arbitrary restrictions on size of values).
 > [..]
> There may be a hard upper bound, but this doesn't specify that
> that upper bound is.  It suggests servers should allow at least
> this length.

So there's no real value specifying a minimum upper bound. No implementation
can rely on it. Neither a LDAP client nor a server.

> The other section you note is known to be inconsistent.  4.3.2
> is generally considered (IMO) to reflect the intended semantics.
> This will be clarified in the next revision of the technical
> specification.

LDAPbis should consider to remove that misleading minimum upper bound from
the standards document because it's useless and causes nothing than confusion.

>>Should a server allow more?
>
> It may.

In practice it MUST because an implementation cannot derive any valuable information from suggested minimum upper bound.

Ciao, Michael.