[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userSMimeCertificate;binary

To: Claude Lecommandeur <claude.lecommandeur@epfl.ch>
Subject: Re: userSMimeCertificate;binary
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 20 Dec 2000 08:31:02 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3A40BB88.5DDBE064@epfl.ch>

Despite what RFC2798 says (it's just an informational document), userSMIMECertificate should not be transferred in ;binary mode
and should be revised (as discussed on the IETF LDAPext mailing
list).  The ;binary mode can only be used to in conjunction with
ASN.1 syntaxes, which binary syntax is not.  That is, ;binary
transfer of a attribute of binary syntax makes no sense and would
serve no purpose.

OpenLDAP allows ;binary transfer only with select syntaxes
which require such, such as certificate syntax used by
userCertificate.   In some previous versions of OpenLDAP,
the code was hacked to make userCertficate;binary work.
However, this broke all proper uses of the binary syntax
and hence the hack was removed.  You are welcomed to install
the hack locally or come up with a better hack.

Alternative, you might be able to hack the Netscape client
to use "userSMimeCertificate" without ";binary"...

At 03:00 PM 12/20/00 +0100, Claude Lecommandeur wrote:
>   Am I doing something wrong ?

No.  The client is implementing a informational specification
with a known flaw.  The specification and the client need to
be updated.

References:
- userSMimeCertificate;binary
  - From: Claude Lecommandeur <claude.lecommandeur@epfl.ch>

Prev by Date: Help needed -- make fails
Next by Date: Schemacheck
Index(es):
- Chronological
- Thread