Fwd: PKI - LDAP survey
For your information:
>To: tim.polk@nist.gov
>Subject: PKI - LDAP survey
>Date: Thu, 19 Sep 2002 18:13:18 -0400 (EDT)
>From: wpolk@nist.gov
>List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
>
>
>
>PLEASE SEND YOUR REPLIES DIRECTLY TO ME AND NOT TO THE LIST
>
>Background: There was a change from LDAPv2 to LDAPv3 which affects how
>certificates and related PKI data structures are stored. LDAPv3 added ";binary"
>as a means of specifying transfer syntax for these objects, which should be
>transferred in BER form. Now, however, the LDAPv3 WG has decided to remove
>support for ;binary (which was optional), from the draft standard (due to
>ambiguities in its specification, and no consensus on how to resolve them) in
>an effort to progress to Draft, avoiding other problems associated with generic
>use of this feature. The plan is to reintroduce ;binary as an extension in the
>future, once the problems that caused it to be removed are resolved. There is
>also a PKIX proposal to define a native transfer syntax for certificates (i.e.,
>a transfer syntax where ;binary is not specified).
>
>To determine the interoperability issues that may result from the range of
>solutions, the LDAPbis folks have requested that we survey PKI product vendors
>to determine how current products use LDAP v2 and v3.
>
>Please respond to the following questions for current and recent (e.g.,
>available in 2001 or 2002) PKI products. Answer separately for "major"
>versions:
>
>1. Product type (CA or client?) and name (please include version number):
>
>
>For CAs please answer questions 2 - 4; for clients answer 5 - 8.
>
>2. Is the CA designed to publish certificates using LDAP v2, v3, or both?
>
>3. When the CA uses LDAP v2 to store certificates in the directory, how does
>the CA specify the attribute? [check all that apply]
>
>(a) caCertificate;binary [ ]
>(b) caCertificate [ ]
>(c) userCertificate;binary [ ]
>(d) userCertificate [ ]
>(e) does not support LDAP v2 [ ]
>
>4. When the CA uses LDAP v3 to store certificates in the directory, how does
>the CA specify the attribute description (transfer syntax)? [check all that
>apply]
>
>(a) caCertificate;binary [ ]
>(b) caCertificate [ ]
>(c) userCertificate;binary [ ]
>(d) userCertificate [ ]
>(e) does not support LDAP v3 [ ]
>
>5. When the client requests certificates, does it make the request using LDAP
>v2, v3, or can it be configured to use either?
>
>6. When requesting certificates, what does the client request? [check all that
>apply]
>
>(a) all user attributes [ ]
>(b) userCertificate;binary [ ]
>(c) userCertificate [ ]
>(d) caCertificate;binary [ ]
>(e) caCertificate [ ]
>
>7. When receiving certificates, what are the expected attribute types/attribute
>descriptions? [check all that apply]
>
>(a) userCertificate;binary [ ]
>(b) userCertificate [ ]
>(c) caCertificate;binary [ ]
>(d) caCertificate [ ]
>
>8. What is the failure behaviour if unexpected attribute types/attribute
>descriptions are encountered?
>
>
>
>Please respond directly to tim.polk@nist.gov. I will be posting a summary but
>will not disclose any specific responses.
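The client-side side of the survey (questions 6 to 8: what a client requests, what it expects back, and what it does on a mismatch), as an added example that is not part of the forwarded message or any product it surveys: a Python lookup that treats `userCertificate` and `userCertificate;binary` as the same attribute type, tolerates only the `;binary` option, and rejects values that are not a BER/DER SEQUENCE, reporting each rejection instead of silently returning nothing. The directory entry and its stand-in certificate bytes are constructed.

```python
# Added example with constructed data; handles both attribute descriptions a client may meet.
CERT_TYPES = {"usercertificate", "cacertificate"}

def split_description(desc):
    """'userCertificate;binary' -> ('usercertificate', {'binary'})."""
    parts = desc.split(";")
    return parts[0].strip().lower(), {p.strip().lower() for p in parts[1:] if p.strip()}

def looks_like_ber_sequence(value):
    """Tag 0x30 (SEQUENCE) and a definite length matching the bytes received."""
    if len(value) < 2 or value[0] != 0x30:
        return False
    first = value[1]
    if first < 0x80:                      # short-form length
        length, hdr = first, 2
    else:                                 # long form, 1-4 length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(value) < 2 + n:
            return False                  # indefinite or oversized length: reject
        length, hdr = int.from_bytes(value[2:2 + n], "big"), 2 + n
    return hdr + length == len(value)

def extract_certificates(entry):
    """Return ({attr_type: [DER bytes]}, [(description, reason)]); rejected
    values are reported, not dropped, so the failure behaviour is defined."""
    found, rejected = {}, []
    for desc, values in entry.items():
        attr_type, options = split_description(desc)
        if attr_type not in CERT_TYPES:
            continue
        if options - {"binary"}:          # ;binary is the only option tolerated
            rejected.append((desc, "unexpected option(s)"))
            continue
        for v in values:
            if not isinstance(v, (bytes, bytearray)):
                rejected.append((desc, "string value where BER expected"))
            elif not looks_like_ber_sequence(v):
                rejected.append((desc, "value is not a BER/DER SEQUENCE"))
            else:
                found.setdefault(attr_type, []).append(bytes(v))
    return found, rejected

# Constructed entry; the 5-byte SEQUENCEs stand in for real certificates.
SAMPLE_ENTRY = {
    "userCertificate;binary": [b"\x30\x03\x02\x01\x05"],
    "userCertificate": [b"\x30\x03\x02\x01\x06"],
    "cACertificate;binary": [b"\x30\x03\x02\x01"],         # truncated value
    "userCertificate;lang-en": [b"\x30\x03\x02\x01\x07"],  # unexpected option
}
```

Calling `extract_certificates(SAMPLE_ENTRY)` returns both user certificates under one key and two rejections; a real client would hand the accepted bytes to its X.509 parser and log the rejections.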