[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No-op LDAP ;binary option

To: Russ Housley <housley@xxxxxxxxxxxx>
Subject: Re: No-op LDAP ;binary option
From: Michael Ströder <michael@xxxxxxxxxxxx>
Date: Fri, 29 Nov 2002 20:22:21 +0100
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021126

Russ Housley wrote:

I already have concerns about consistency when the certificate is stored in a subordinate entry, with the various certificate fields extracted to create searchable attributes. If we allow the certificate to be stored in many different places, how do we ensure consistency?

Exactly like we most times ensure consistency of any other attribute of an LDAP entry containing something meaningful: We don't.

The certificate is downloaded completely as a whole. The entity actually using the certificate MUST check the validity of the certificate and the applicability for a certain crypto protocol.

Ciao, Michael.

References:
- RE: No-op LDAP ;binary option
  - From: Housley, Russ
- Re: No-op LDAP ;binary option
  - From: Russ Housley

Prev by Date: Re: Acceptance of DC-style DNs (was: OCSP I-Ds going forward)
Next by Date: Re: Acceptance of DC-style DNs (was: OCSP I-Ds going forward)
Previous by thread: Re: No-op LDAP ;binary option
Next by thread: RE: No-op LDAP ;binary option
Index(es):
- Date
- Thread