On Jun 2, 2010, at 11:11 AM, Michael Ströder wrote:
Kurt@OpenLDAP.org wrote:
However, one issue I have with this code is that highly dependent behaviors which, aside from not being standardized, aren't even specified in RFCs. For instance, there is no RFC describing dnsHostName or ldapServiceName or any specification detailing how GSS-SPNEGO is to be used in LDAP. Without a formal specification (e.g., RFC), I oppose release of this code. That is, it should stay HEAD only until such time that a formal specification (e.g., RFC) is available.
Kurt,
I somewhat can understand your concerns.
But as a general answer to your comment above: There is already a lot of code in OpenLDAP for which no RFC or at least an I-D was specified but which serves a certain use-case. Strictly (following your statement above) speaking one would have to hunk out all the stuff only specified in I-Ds.
An I-D would be a start. I would think there's a number of interesting security considerations that would bubble up if someone would ever have taken the time to submit a specification regarding use of SPNEGO in SASL and in application protocols such as LDAP to an open standards organization such as the IETF.
So I don't see the strong need to be overly strict here.
It's long been a stated goal of the project to promote interoperability through open standards. This work seems more to come from a community whose stated goal is to behave like one particular vendor. I'm not a fan of chasing any particular vendor.
Quality of certain code is another story. But I cannot comment on this.
How can one independently verify the code acts as intended without a specification of the intended behavior? (Saying it should act like some particular commercial product, is not a specification.)
-- Kurt
Ciao, Michael.