[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)

To: David Chadwick <d.w.chadwick@salford.ac.uk>
Subject: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)
From: Ken Stillson <stillson@mitretek.org>
Date: Tue, 2 Apr 2002 15:52:48 -0500 (EST)
Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org>
In-reply-to: <3CA860A2.20AB0F9C@salford.ac.uk>

  On Mon, 1 Apr 2002, David Chadwick wrote:
> All constructive comments welcomed

  Hi David-
  A thought for the you...

  Although implied by section 3, perhaps it should be stated expectedly:

  "A PKI object should be placed into a LDAP directory such that the LDAP
   object DN matches the subject DN of the object."

  Although this seems obvious to some, I've run into a surprising number of
  clients setting up directories using some alternate structure, who are
  then surprised when validation software can't find certificates given
  subject DN's.

    - Ken Stillson


-- 
      |   Ken Stillson             |    stillson@mitretek.org    |
      |   Sr. Principal Engineer   |    voice: (703) 610-2965    |
      |   Mitretek Systems         |      fax: (703) 610-2984    |

Follow-Ups:
- Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)
  - From: David Chadwick <d.w.chadwick@salford.ac.uk>
- Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)
  - From: Harald Koch <chk@pobox.com>
- Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)
  - From: Michael Ströder <michael@stroeder.com>

References:
- LDAP Certificate transfer syntax
  - From: David Chadwick <d.w.chadwick@salford.ac.uk>

Prev by Date: Re: LDAP Certificate transfer syntax
Next by Date: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)
Index(es):
- Chronological
- Thread