Re: A plan for PKIX, LDAPv3, and ;binary
wpolk@nist.gov wrote:
>
> (4) The lack of a defined LDAP-specific encoding for Certificate, Certificate
> List and Certificate Pair syntaxes is a problem, as a small percentage of
> implementations transfer these attributes without the ;binary option. Rather
> than be silent, we suggest that the PKIX syntax and schema document state the
> LDAP-specific encoding used in transfer without the ;binary option but
> deprecate its use.
Tim
I disagree with this deprecation. This is clearly not a step forward.
One of the main reasons we had a problem was that a workable certificate
syntax was never specified (only the flawed character encoded syntax in
LDAPv2). Rather than deprecate the LDAP specific encoding, we should
welcome it and deprecate the use of ;binary so that it can be phased it.
It is an ugly flawed concept, which is why LDAPBIS has agreed to remove
it.
David
> This LDAP-specific encoding has the same transfer
> representation as when the attribute is transferred with the ;binary option.
>
> We believe this represents a straightforward path forward that meets the PKIX
> interoperability requirements while being most compatible with current PKI
> behavior, current LDAPv3 standards, and upcoming LDAPBIS documents.
>
> Thank you,
>
> Tim Polk, RL "Bob" Morgan, Kurt Zeilenga, and Steven Legg
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351 Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page: http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500: http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************