
Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)




Ken Stillson wrote:
> 
>   On Mon, 1 Apr 2002, David Chadwick wrote:
> > All constructive comments welcomed
> 
>   Hi David-
>   A thought for you...
> 
>   Although implied by section 3, perhaps it should be stated explicitly:
> 
>   "A PKI object should be placed into an LDAP directory such that the LDAP
>    object DN matches the subject DN of the object."
> 

Ken

Whilst I agree with you that this is an obvious thing to do, I don't
believe the ID should say how people should structure their DITs. As
this is a general standard, people are free to structure their DITs in
any way they wish to, and should still be able to use the subschema in
this ID. I think it should rather be a BCP that tells people the best
way to build their directories so that they have the minimum of hassles
operationally. (But I bet it will be difficult to get people to agree on
the contents of the BCP)

David



>   Although this seems obvious to some, I've run into a surprising number of
>   clients setting up directories using some alternate structure, who are
>   then surprised when validation software can't find certificates given
>   subject DNs.
> 
>     - Ken Stillson
> 
> --
>       |   Ken Stillson             |    stillson@mitretek.org    |
>       |   Sr. Principal Engineer   |    voice: (703) 610-2965    |
>       |   Mitretek Systems         |      fax: (703) 610-2984    |

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 161 745 8169
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
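
The mismatch discussed in this thread (directory entry DN differing from the certificate subject DN, so a lookup by subject DN finds nothing) can be audited offline. The following is an added example, not part of the original message or of the draft; it assumes both DNs are already available as RFC 4514-style strings, that attribute values compare case-insensitively, and that escapes are written the same way on both sides. The function names and sample entries are hypothetical.

```python
import re

def split_unescaped(s, sep):
    """Split s on sep, leaving backslash-escaped characters untouched."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape pair together
            i += 2
        elif s[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    parts.append("".join(cur))
    return parts

def normalize_dn(dn):
    """Comparable form of a DN: ordered tuple of RDNs, each an unordered
    set of (type, value) pairs so multi-valued RDNs match in any order."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = set()
        for ava in split_unescaped(rdn, "+"):
            atype, _, value = ava.partition("=")
            # Assumption: case-insensitive match, insignificant spaces collapsed.
            value = re.sub(r"\s+", " ", value.strip()).casefold()
            avas.add((atype.strip().lower(), value))
        rdns.append(frozenset(avas))
    return tuple(rdns)

def find_mismatches(entries):
    """entries: iterable of (entry_dn, cert_subject_dn) pairs.
    Returns the pairs a lookup by subject DN would fail to locate."""
    return [(e, s) for e, s in entries if normalize_dn(e) != normalize_dn(s)]

# Constructed sample data: (LDAP entry DN, subject DN of the stored certificate)
SAMPLE = [
    ("cn=Alice Smith,ou=Users,o=Example Corp,c=US",
     "CN=Alice Smith, OU=Users, O=Example Corp, C=US"),
    ("uid=bjones,ou=People,dc=example,dc=com",
     "CN=Bob Jones,OU=Engineering,O=Example Corp,C=US"),
    ("cn=Smith\\, Carol,o=Example Corp,c=US",
     "CN=Smith\\, Carol,O=Example  Corp,C=US"),
]

if __name__ == "__main__":
    for entry_dn, subject_dn in find_mismatches(SAMPLE):
        print(f"entry {entry_dn!r} holds certificate for {subject_dn!r}")
```
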