[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: userSMimeCertificate;binary
Despite what RFC2798 says (it's just an informational document), userSMIMECertificate should not be transferred in ;binary mode
and should be revised (as discussed on the IETF LDAPext mailing
list). The ;binary mode can only be used to in conjunction with
ASN.1 syntaxes, which binary syntax is not. That is, ;binary
transfer of a attribute of binary syntax makes no sense and would
serve no purpose.
OpenLDAP allows ;binary transfer only with select syntaxes
which require such, such as certificate syntax used by
userCertificate. In some previous versions of OpenLDAP,
the code was hacked to make userCertficate;binary work.
However, this broke all proper uses of the binary syntax
and hence the hack was removed. You are welcomed to install
the hack locally or come up with a better hack.
Alternative, you might be able to hack the Netscape client
to use "userSMimeCertificate" without ";binary"...
At 03:00 PM 12/20/00 +0100, Claude Lecommandeur wrote:
> Am I doing something wrong ?
No. The client is implementing a informational specification
with a known flaw. The specification and the client need to
be updated.