Re: [Ldap-dir] LDAP Directorate review request for draft-dawkins-ldapext-subnot

Kurt Zeilenga <Kurt.Zeilenga@Isode.com> Wed, 14 October 2009 20:56 UTC

From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
In-Reply-To: <4AD62F79.6090703@isode.com>
Date: Wed, 14 Oct 2009 13:56:03 -0700
Message-Id: <8161E89A-7D94-4347-80E8-9E736B00E8CC@Isode.com>
References: <7A57206D08E2483A8136B7AEA627CEB1@china.huawei.com> <4AD62F79.6090703@isode.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: LDAP Directorate <ldap-dir@ietf.org>, Lisa Dusseault <lisa.dusseault@gmail.com>, Spencer Dawkins <spencer@wonderhamster.org>, Xun Peng <xunpeng@huawei.com>
Subject: Re: [Ldap-dir] LDAP Directorate review request for draft-dawkins-ldapext-subnot

The immediate question I have is "but why?"  That is, I'd like to understand better what the application requirements are so that I can analyze whether or not this mechanism meets those requirements.  I'd also like to understand better why none of the existing extensions in this area were (presumably) found to address the application requirements.

I am curious as to why firewalls and NATs are mentioned in the applicability of the specification.  Does this extension not have the same basic issues with firewalls and NATs that simple LDAP has?  That is, LDAP generally works just fine (*) through firewalls and NATs so long as they are configured to allow traversal, as most TCP-based client/server protocols do.  (* excepting issues with reverse NAT and knowledge references, and the like).

I didn't dig into the particulars of the extension protocol yet.  I defer comments here until I better understand the "why?".  But on first glance, I suspect it suffers from many of the problems folks have found in triggered searches and like extensions.

On security considerations, I suspect there are many considerations that this extension, by itself, raises.  Just referencing general LDAP security considerations seems quite inadequate to me.

-- Kurt

On Oct 14, 2009, at 1:07 PM, Alexey Melnikov wrote:

> Spencer Dawkins wrote:
>
>> Hi, LDAP Directorate,
>
> Hi Spencer,
>
>> Some of you may be aware of a 3GPP CT4 proposal to add a subscribe/notify capability to LDAP.
>>
>> I've been helping Xun Peng with a draft describing this extension, which I've just posted as http://www.ietf.org/id/draft-dawkins-ldapext-subnot-00.txt.
>>
>> Alexey told me that the next step was to request a review from the LDAP Directorate, asking for your opinion on AD-sponsoring this work, so I'm requesting your review.
>>
>> I will be present in Hiroshima for any face-to-face discussions that would be helpful.
>
> Do you want some time at the Apps Area meeting in Hiroshima (Monday 9:00am)?
>
>> A note on timing - 3GPP CT4 is meeting the same week as IETF 76, and will be making a decision during that meeting on whether to use the approach described in this draft (and processed in the IETF) or to use an XML/SOAP alternative (not processed in the IETF). It would be extremely helpful to have your feedback before November 13 (when both IETF 76 and the CT4 meeting end).
>>
>> Thanks,
>>
>> Spencer