Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)



Of all the gin joints in all the towns in all the world, Ken Stillson
had to walk into mine and say:
> 
>   "A PKI object should be placed into a LDAP directory such that the LDAP
>    object DN matches the subject DN of the object."

It's supposed to be the other way around, isn't it? One should issue
certificates with a subject DN that matches the LDAP object DN.

Anyway, there are many environments where a certificate issued by one
organisation must be stored in a directory belonging to another. I don't
believe that an arbitrary restriction like this won't fly.

-- 
Harald Koch     <chk@pobox.com>