[Ietf-not43] First draft on Relay bags in FIRS
Andrew Newton
anewton at ecotroph.net
Thu Aug 14 14:56:53 EDT 2003
Peter Gietz wrote:
>
> I am not aware of any error codes not specified in 2251 nor of any
> extension mechanism to specify new error codes (There is an exception
> for API error codes 81-90, but they MUST NOT be returned by a server).
> Thus I think it is breaking the LDAP protocol to add new error codes for
> LDAP based services. I may be wrong here, but cannot find any evidence
> that tells me I am. I think the proposal to use 2, 53 and 51 for the
> FIRS errors is not overloaded and the clients can react appropriately
> without any additional hints. Nevertheless I proposed such additional
> hints in the errorMessage, which are specified (in 2251) as :
The need is for the client to unambiguously understand the
difference. I'm not sure overloading the existing error codes and using
the errorMessage field is an excellent idea. However, it might work if
the field were given a reserved value (or started with a reserved value
so that the rest of the field could be used for its original purpose).
>
> Now comes Solution II:
>
> The alternative Eric is proposing is to use the extension mechanism in
> the LDAP URL, which is specified in RFC 2255 (text in [[ ]] are my
> comments):
While I do not believe there is an official limit to the size of a URL,
they certainly weren't meant to contain large amounts of data. There
have definitely been pieces of software that have not played well with
large URLs. This seems like a mistake we should not recreate.
>
> Solution III:
> Another very easy solution would be to always give back only one
> referral to the client, but that might not be what we want either.
> If the Relay Bag is to store information about the referring server and
> about the client, we would not need more than one relay bag. But this
> would make it impossible, e.g. to encrypt the relay bag information with
> the public key of the server referred to, and we might want to have that.
This seems rather limiting. I'd rather see Solution I worked out.
-andy