Gen-ART LC Review of draft-zeilenga-ldap-dontusecopy-08
Ben Campbell <ben@estacado.net> Mon, 11 October 2010 21:38 UTC
Return-Path: <ben@estacado.net>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A99523A6B8A; Mon, 11 Oct 2010 14:38:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1U1ATYjvZ8OZ; Mon, 11 Oct 2010 14:38:02 -0700 (PDT)
Received: from estacado.net (estacado-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:266::2]) by core3.amsl.com (Postfix) with ESMTP id A4AE93A6832; Mon, 11 Oct 2010 14:38:01 -0700 (PDT)
Received: from dn3-174.estacado.net (dn3-174.estacado.net [172.16.3.174]) (authenticated bits=0) by estacado.net (8.14.3/8.14.2) with ESMTP id o9BLdAxV071225 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 11 Oct 2010 16:39:12 -0500 (CDT) (envelope-from ben@estacado.net)
From: Ben Campbell <ben@estacado.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Gen-ART LC Review of draft-zeilenga-ldap-dontusecopy-08
Date: Mon, 11 Oct 2010 16:39:05 -0500
Message-Id: <624858D5-76CC-4245-A58A-B3C72279324F@estacado.net>
To: draft-zeilenga-ldap-dontusecopy.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1081)
X-Mailer: Apple Mail (2.1081)
Cc: General Area Review Team <gen-art@ietf.org>, The IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Oct 2010 21:38:04 -0000
I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-zeilenga-ldap-dontusecopy-08 Reviewer: Ben Campbell Review Date: 2010-10-11 IETF LC End Date: 2010-10-11 IESG Telechat date: (if known) Summary: This draft is almost ready to be published as a proposed standard, but I have some comments that should be considered first. Major issues: None Minor issues: -- General: (Let me preface my general comments with the admission that I am not an LDAP expert. Since this is a Gen-ART review, I'm approaching this as a generalist. If the answer is something like "Ben, if you new anything about LDAP this would all be obvious to you", that will not offend me in any way.) I'd like to see more explanation of the problem this needs to be solved. I assume that there is concern that copied or cached data may not be up to date, or otherwise not be authoritative. Some comments to that effect, along with reasoning for why this may happen in the first place would be helpful. A quick scan of 4511 and 4512 didn't turn up much about this, other than some passing references that some servers may shadow or cache dats from other servers., and not to accept modification requests against cached or shadowed data. Is there any other specification about LDAP cacheing, maintaining cache freshness, etc? I get a gut feeling that this extension effectively patches a hole in an implied delegation model for LDAP, but I don't find much in the way of explicit specification for that in the referenced docs (Maybe I should be looking at X.500 specs?). I'm not saying that this document should be burdened with a formal specification of the LDAP delegation model. But I think a little more context would be helpful. I'd also like to see some more guidance on when it's reasonable to use this extension. For example, wouldn't a client always want an authoritative answer to an interrogation? Why wouldn't it use this extension all the time? Does it hurt anything if it does? -- section 3, 2nd paragraph: I think this paragraph might be better restated normatively. -- section 4: The security consideration comments seem to be about caching in general. Does this extension make things any better or worse? RFC4510 has nothing to say about security beyond referring the reader to the security considerations in the technical specs. Nits/editorial comments: -- General There seems to be inconsistent use of the terms "copy", "shadow", "cache", "original" , and "master" between this draft and RFC 4510 and 4512. Maybe adding these terms to the terminology sections would help. -- Section 1, paragraph 3: Please expand DN on first use.
- Gen-ART LC Review of draft-zeilenga-ldap-dontusec… Ben Campbell
- Re: Gen-ART LC Review of draft-zeilenga-ldap-dont… Kurt Zeilenga