
Re: C LDAP API: security considerations

"Kurt D. Zeilenga" wrote:

> After some additional thought on this matter, I believe it
> inappropriate of API implementations to chase referrals without
> application interaction.  An API implementation should
> not assume the application's trust in the server providing
> the knowledge information extends to the referenced server.
>
> A client application should be in direct control of which
> servers it does or doesn't connect to.  A client application
> should be in direct control of which requests are submitted
> to servers.  A client application should be in direct control
> of which information is provided with each request.
>
> I suggest that the default behavior of API implementations
> should be to NOT chase referrals.  I suggest we extend
> the API specification to provide a mechanism to allow
> applications that wish to progress the operation to do so
> under the application's control.  If the application fails
> to utilize this mechanism, the API implementation should
> not chase the referral.

  That is the behavior of the Java LDAP API (although I can't claim that I had thoroughly thought through the pros and cons of having the default behavior be to not follow referrals).

Rob

>
>
> I also suggest that we then add a security consideration
> to the C LDAP API I-D that encourages applications to
> interact with users to determine if chasing is appropriate.
>
> I also believe it wise to review the security considerations
> of RFC2251 in the area of knowledge information trust.
>
> Kurt
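As an added illustration of the point argued in this thread (it is not code from the thread, from OpenLDAP, or from the Java LDAP API), the following Python shows an application-side referral gate: the LDAP library returns the referral URLs it received, and the application decides, under its own policy, which servers it will connect to. The allowlist, the downgrade rule and the sample referral URLs are constructed assumptions for this example.

```python
"""Application-controlled referral policy (added example, not from the thread).

The API implementation hands referral URLs back to the application instead
of chasing them; the application applies its own trust policy before any
new connection is opened.  Allowlist and rules are constructed assumptions.
"""
from urllib.parse import urlsplit, unquote

# Hypothetical policy: servers this application trusts, independent of what
# the server that returned the referral "knows" about.
TRUSTED_HOSTS = {"ldap.example.com", "ldap2.example.com"}


def parse_ldap_url(url):
    """Split an LDAP URL (RFC 4516 shape) into its security-relevant parts."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %s" % url)
    # urlsplit leaves the DN in path and "attrs?scope?filter" in query.
    return {
        "scheme": parts.scheme,
        "host": (parts.hostname or "").lower(),
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "dn": unquote(parts.path.lstrip("/")),
    }


def referral_decision(url, original_scheme, trusted_hosts=TRUSTED_HOSTS):
    """Return (follow, reason).  The application, not the API, decides.

    Constructed rules: the referred host must be on the application's own
    allowlist, and a referral may not downgrade ldaps to plain ldap.  What
    credentials and data are sent to an accepted server is still decided
    by the caller, not inherited from the original request.
    """
    try:
        ref = parse_ldap_url(url)
    except ValueError as exc:
        return False, str(exc)
    if ref["host"] not in {h.lower() for h in trusted_hosts}:
        return False, "host %r is not on the trusted-server list" % ref["host"]
    if original_scheme == "ldaps" and ref["scheme"] == "ldap":
        return False, "referral would downgrade ldaps to ldap"
    return True, "referral to %s:%d accepted" % (ref["host"], ref["port"])


def filter_referrals(urls, original_scheme):
    """Keep only the referral URLs the application's policy allows."""
    return [u for u in urls if referral_decision(u, original_scheme)[0]]
```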