
Re: userSMimeCertificate;binary



Despite what RFC2798 says (it's just an informational document), userSMIMECertificate should not be transferred in ;binary mode
and should be revised (as discussed on the IETF LDAPext mailing
list).  The ;binary mode can only be used in conjunction with
ASN.1 syntaxes, which binary syntax is not.  That is, ;binary
transfer of an attribute of binary syntax makes no sense and would
serve no purpose.

OpenLDAP allows ;binary transfer only with select syntaxes
which require such, such as certificate syntax used by
userCertificate.   In some previous versions of OpenLDAP,
the code was hacked to make userCertificate;binary work.
However, this broke all proper uses of the binary syntax
and hence the hack was removed.  You are welcome to install
the hack locally or come up with a better hack.

Alternatively, you might be able to hack the Netscape client
to use "userSMimeCertificate" without ";binary"...

At 03:00 PM 12/20/00 +0100, Claude Lecommandeur wrote:
>   Am I doing something wrong ?

No.  The client is implementing an informational specification
with a known flaw.  The specification and the client need to
be updated.
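
Added example (not part of the original message and not OpenLDAP code): a small Python check of requested attribute descriptions against the rule described above, where ;binary is accepted only for syntaxes that require it. The schema map, the function names and the syntax OID assignments are assumptions made for illustration.

```python
import re

# Constructed, minimal schema map (attribute name -> syntax OID).
# Assumption: OIDs follow the common LDAP syntax registry; this is not
# OpenLDAP's own schema table.
CERTIFICATE = "1.3.6.1.4.1.1466.115.121.1.8"
BINARY = "1.3.6.1.4.1.1466.115.121.1.5"
DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"

SCHEMA = {
    "usercertificate": CERTIFICATE,
    "usersmimecertificate": BINARY,
    "cn": DIRECTORY_STRING,
}

# Syntaxes whose values must be transferred with the ;binary option.
REQUIRES_BINARY = {CERTIFICATE}

# attribute description = name or numeric OID, then zero or more ;options
ATTR_DESC = re.compile(
    r"^([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)((?:;[A-Za-z0-9-]+)*)$"
)


def parse(desc):
    """Split 'name;opt1;opt2' into (name, [lower-cased options])."""
    m = ATTR_DESC.match(desc)
    if not m:
        raise ValueError("malformed attribute description: %r" % desc)
    return m.group(1), [o.lower() for o in m.group(2).split(";") if o]


def check_request(desc):
    """Return (ok, description_to_send, reason) for a requested attribute."""
    name, options = parse(desc)
    syntax = SCHEMA.get(name.lower())
    if syntax is None:
        return False, None, "unknown attribute type"
    needs = syntax in REQUIRES_BINARY
    others = [o for o in options if o != "binary"]
    fixed = ";".join([name] + others + (["binary"] if needs else []))
    if "binary" in options and not needs:
        return False, fixed, ";binary is not valid for this syntax"
    if needs and "binary" not in options:
        return False, fixed, "this syntax requires ;binary"
    return True, fixed, "ok"
```
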