RE: ;binary migration solution
Folks,

Hallvard B Furuseth wrote:
> - If a search requested an attribute with the "binary" option,
> it is added to that attribute in the search result (if that
> attribute is returned).

It is all well and good to propose that ";binary" be in the returned
attribute description if and only if ";binary" is in the original request
but what if the original request was for all user attributes (i.e. "*")?
This facility is being ignored in all this discussion about ";binary".

As things stand today, we have a significant body of LDAPv3 compliant
implementations that expect to get back "userCertificate;binary" from
a request for "*". In any phased migration away from the use of ";binary",
at some point compliant directory servers will have to change from returning
userCertificate;binary to just returning userCertificate and this will
break currently conformant clients.

David Chadwick is the only one who has proposed a safe way to
effect a migration (using controls). However, since such a migration
delivers no practical benefit to conformant PKI clients (just a different
way of asking for the same thing), I think the pain of migration is
not justified.

Regards,
Steven
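
The breakage described in the message above, shown as an added example that is not part of the original post or of any implementation it mentions: a client that looks up the exact key "userCertificate;binary" in the result of a "*" search finds nothing once a server returns plain "userCertificate", while a lookup that parses the attribute description keeps working. The entries, the certificate bytes and the function names are constructed for illustration, and no LDAP library is used.

```python
def split_description(desc):
    """Split an attribute description into (lowercased type, set of lowercased options)."""
    parts = desc.split(";")
    return parts[0].lower(), frozenset(p.lower() for p in parts[1:] if p)


def strict_lookup(entry, desc):
    """Exact key match, as a client written against today's servers might do."""
    return entry.get(desc)


def tolerant_lookup(entry, attr_type):
    """Return values for attr_type whether or not ';binary' was appended.

    Only descriptions with no options, or with 'binary' as the sole option,
    are treated as equivalent; other options (e.g. language tags) do not match.
    """
    wanted = attr_type.lower()
    values = []
    for desc, vals in entry.items():
        base, options = split_description(desc)
        if base == wanted and options <= {"binary"}:
            values.extend(vals)
    return values


# Constructed entries: the same value as returned for "*" by a server
# before and after a hypothetical migration away from ";binary".
CERT = b"\x30\x82\x01\x0a"  # placeholder bytes, not a real certificate
BEFORE = {"cn": [b"Alice"], "userCertificate;binary": [CERT]}
AFTER = {"cn": [b"Alice"], "userCertificate": [CERT]}

if __name__ == "__main__":
    for name, entry in (("before", BEFORE), ("after", AFTER)):
        print(name,
              "strict:", strict_lookup(entry, "userCertificate;binary"),
              "tolerant:", tolerant_lookup(entry, "userCertificate"))
```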