I can see that this would be useful for debugging purposes - however:

a) this must always be optional rather than mandatory, as software/version identifiers in services are often used by hackers either to target known vulnerabilities in the software, or in fingerprinting the system (so something identifying itself as "Tom Habing .Net Server" gives a good hint that the server is Windows based). SRW/U may not be as mainstream as Apache httpd, IIS etc. but even so.

b) the temptation is to start doing client/server snooping - i.e. have special case code for doing X if the client is from a particular vendor of a particular version, else doing Y if from this vendor, else do Z. The typical web site is a good example (where it might do things one way for IE, but another for Netscape, and breaks totally in Opera etc.). That defeats the whole point of interoperability, and we already have mechanisms for private extension (where any client can indicate to a server that it wants something clever not normally in the spec, rather than the server just doing the clever thing for a particular client vendor/version).

I have a feeling of déjà vu - I'm sure we discussed this. I said something similar to the above. Mike thought I was paranoid on the security side. There was a suggestion of returning something in otherInfo?

Matthew

> -----Original Message-----
> From: Z39.50 Next-Generation Initiative [mailto:[log in to unmask]] 
> On Behalf Of Ray Denenberg, Library of Congress
> Sent: Friday, April 01, 2005 10:38 PM
> To: [log in to unmask]
> Subject: Re: Server Identification in the Explain Record
> 
> From: "LeVan,Ralph" <[log in to unmask]>
> > It would be nice if servers could identify themselves.  .....
> in t
> Could you elaborate?  What sort of identification? For what purpose?
> 
> --Ray
>