[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: LDAP PKI Schema (was Re: No-op LDAP ;binary option)

To: "'Michael Str der'" <michael@xxxxxxxxxxxx>, "'Steve Hanna'" <steve.hanna@xxxxxxx>
Subject: RE: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
From: "Steven Legg" <steven.legg@xxxxxxxxxxxxx>
Date: Fri, 29 Nov 2002 14:44:28 +1100
Cc: <ietf-pkix@xxxxxxx>
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Reply-to: <steven.legg@xxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Michael,

Michael Str der wrote:
> Steve Hanna wrote:
> >>I support the proposal made by Peter Gietz since it seems
> >>like an fairly easy solution to me solving some real-world
> >>problems.
> > 
> > Can't certificateMatch do as well?
> 
> Yes, off course. But it requires implementing it in the 
> server which will 
> take quite some time if ever implemented at all.

Both solutions require implementation effort. The question is
whether the burden of the implementation falls mainly on the
server or the client. The matching rule approach puts the burden
on the server, while the child entry approach puts the burden on
the clients.

Regards,
Steven

Follow-Ups:
- Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
  - From: Michael Ströder

References:
- Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
  - From: Michael Ströder

Prev by Date: Re: draft-ietf-pkix-warranty-extn-01.txt
Next by Date: Re: Acceptance of DC-style DNs (was: OCSP I-Ds going forward)
Previous by thread: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Next by thread: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Index(es):
- Date
- Thread