Re: LDAP ISSUE
David Chadwick wrote:
>we have two cases here.
What about the case where a server returns a keyword to a
client that doesn't understand it? I agree that you can define
new keywords if all the software is updated or reconfigured
whenever a new keyword is defined. But this isn't realistic.
>> For
>> user input and output, new keywords can be added. But you
>> can't expect existing LDAP servers to automagically understand
>> what a new keyword means when they see it on the wire. OIDs
>> are the best way to handle this.
>
>Actually OIDs are the best all round, and keywords should never have been
>defined! But given that they are, we should be consistent in their
>application, and not require keywords for some things and OIDs for
>others, within the same protocol item (a DN).
We agree that OIDs are the best solution for the on-the-wire
protocol. The best way forward seems clear to me. Don't define
new keywords to be used on the wire. Can you provide any reason
why it would be good to define more keywords?
>But now PKIX has defined some new attributes for use
>in DNs, and therefore the keywords for these should also be supported.
Following that logic, we'll have to add new keywords whenever
anyone comes up with another attribute. Each keyword will
introduce another potential compatibility issue. That sounds
pretty undesirable to me.
Thanks,
Steve
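
The compatibility point argued in this message, as an added example that is not part of the original post or of any LDAP implementation: a client that shipped with a fixed table of common DN keywords resolves a dotted OID it has never seen, but fails on a keyword defined after it was built. The names `resolve_dn`, `split_unescaped` and `UnknownAttributeKeyword`, the keyword `NEWATTR` and the OID `1.3.6.1.4.1.99999.1` are constructed for illustration; quoted values and hex-encoded values are not handled.

```python
import re

# Keyword table baked into a deployed client (common DN attribute keywords).
KNOWN_KEYWORDS = {
    "CN": "2.5.4.3", "L": "2.5.4.7", "ST": "2.5.4.8", "O": "2.5.4.10",
    "OU": "2.5.4.11", "C": "2.5.4.6", "STREET": "2.5.4.9",
    "DC": "0.9.2342.19200300.100.1.25", "UID": "0.9.2342.19200300.100.1.1",
}
OID_RE = re.compile(r"\d+(?:\.\d+)+")


class UnknownAttributeKeyword(ValueError):
    """The peer sent a keyword that is not in this client's table."""


def split_unescaped(text, seps):
    """Split on separator characters that are not backslash-escaped."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch in seps:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def resolve_dn(dn):
    """Return [(attribute type OID, value)] for each type=value pair in a DN string."""
    result = []
    for ava in split_unescaped(dn, ",+"):
        attr_type, sep, value = ava.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed attribute/value pair: {ava!r}")
        attr_type = attr_type.strip()
        if OID_RE.fullmatch(attr_type):            # dotted OID: needs no table
            oid = attr_type
        elif attr_type.upper() in KNOWN_KEYWORDS:  # keyword known when client shipped
            oid = KNOWN_KEYWORDS[attr_type.upper()]
        else:                                      # keyword defined after client shipped
            raise UnknownAttributeKeyword(attr_type)
        result.append((oid, value))
    return result
```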