[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)

To: steven.legg@xxxxxxxxxxxxx
Subject: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
From: Michael Ströder <michael@xxxxxxxxxxxx>
Date: Fri, 29 Nov 2002 05:03:18 +0100
Cc: "'Steve Hanna'" <steve.hanna@xxxxxxx>, ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021126

Steven Legg wrote:

Michael Str der wrote:
Steve Hanna wrote:
I support the proposal made by Peter Gietz since it seems
like an fairly easy solution to me solving some real-world
problems.
Can't certificateMatch do as well?
Yes, off course. But it requires implementing it in the server which will take quite some time if ever implemented at all.
Both solutions require implementation effort. The question is
whether the burden of the implementation falls mainly on the
server or the client. The matching rule approach puts the burden
on the server, while the child entry approach puts the burden on
the clients.

The 2. is less of an issue.

Hint: I can even imagine to use good old Navigator 4.5+ to search for the recipient's certificate for a given e-mail address.

Ciao, Michael.

Follow-Ups:
- Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
  - From: Peter Gietz

References:
- RE: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
  - From: Steven Legg

Prev by Date: Re: Acceptance of DC-style DNs (was: OCSP I-Ds going forward)
Next by Date: Re: No-op LDAP ;binary option
Previous by thread: RE: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Next by thread: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Index(es):
- Date
- Thread