The only argument for insisting on the mandatory ";binary" is the
possibility that the old RFC 1778 string formats will be presented in
a response. However, those old RFC 1778 syntaxes were updated by RFC
2559.

Yes, I guess you are correct. The ;binary was really a hack job to cater
for the broken string encoding of certificates. I don't really see why we
need to use it now. If the PKIX document states specifically what the
LDAP transfer syntax is, we should just be able to simply ask for
certificates (without ;binary) and get BER back, since BER is the only
recognised syntax in the latest specification.