[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: C API: minor comments
> -----Original Message-----
> From: Mark Wahl [mailto:M.Wahl@INNOSOFT.COM]
> Sent: Monday, November 15, 1999 1:14 PM
> To: mcs@netscape.com
> Cc: M.Wahl@INNOSOFT.COM; howes@yahoo.com; Andy Herron
> (Exchange); Anoop
> Anantha (Exchange); kurt@OpenLDAP.Org; ietf-ldapext@netscape.com
> Subject: C API: minor comments
>
>
>
> Two last call comments on the C API regarding unsolicited
> notifications:
>
> I recommend that in section 5 we add:
>
> Implementations of the API SHOULD begin numbering messages with 1, to
> be able to easily distinguish client-generated requests and
> unsolicited
> notifications.
Quite probably a bad idea. It means that the IDs are predictable, making it
easier for an attacker to spoof requests or replies. It may not matter as
much with LDAP/TCP, but with LDAP/UDP it would.
How about suggesting that requests be even and unsolicited notifications be
odd?
Paul