Re: FWD: ;binary a/b design teams' summary / recommendation review



At 01:21 PM 2002-09-16, Steve Hanna wrote:
>Russ Housley forwarded the email below (announcing the
>LDAPBIS group's intent to remove the ;binary option) to
>the PKIX mailing list, suggesting follow-ups to this list.
>
>Doesn't removing support for the ;binary option break
>backward compatibility for LDAP clients that use the
>;binary option to store and retrieve certificates and CRLs?

I believe this question was discussed by the WG.  Comments
in this area were factored in the WG consensus declared on
29 May 2002.

>Since RFC 2256 required the use of ;binary to store and
>retrieve certificates and CRLs, I would hope that you
>would require servers to support older clients for backward
>compatibility. In fact, newer clients will also need to use
>the ;binary option when storing and retrieving certificates
>and CRLs in case they are talking to an older server. I guess
>you'd better document that, too.

I note that the LDAP schema for X.509 certificate and CRL
attributes has been removed from the "core" technical
specification and that PKIX WG is undertaking work to
produce a draft detailing this LDAP schema (to be published
as an extension to LDAP "core" specification).  PKIX may
choose to continue using ;binary or not in their draft.
If they choose to continue using ;binary, a specification for
;binary (as an extension to LDAP) will have to be produced.
The PKIX WG is aware of this.

I suggest that those who have comments regarding
        draft-ietf-pkix-ldap-pki-schema-00.txt

direct those comments to the PKIX WG's mailing list.

>Are you sure this is simplifying things for you?

I recall discussions regarding how this change will simplify
things.  This is a minor issue.

Kurt, LDAP co-chair