[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
At 11:11 PM 1/1/2003, Ramsay, Ron wrote:
>Component matching, however, does not address the problem of returning multiple certificates.
We have a general solution to that general problem in the LDAP
matched values control extension [draft-ietf-ldapext-matchedval].
Kurt
>Ron.
>
>-----Original Message-----
>From: Kurt D. Zeilenga [mailto:Kurt@xxxxxxxxxxxx]
>Sent: Tuesday, 31 December 2002 18:38
>To: Peter Gietz
>Cc: ietf-pkix@xxxxxxx
>Subject: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
>
>
>
>
>>Nevertheless two different solutions to one problem might be preferable here.
>
>My primary objection to standardizing the child entry approach
>for PKI is that it is a PKI-specific solution to a general problem,
>component matching of complex attribute values. We should be
>looking for general solutions to our general problems. Steven's
>component matching I-D details a general solution which I believe
>is suitable for standardization.
>
>My recommendation is that the PKI "child entry" approach be
>pursued individually as an Experimental (or possibly Informational)
>solution to the PKI component matching problem with a note that
>a more general solution, component matching, is being standardized.
>
>Kurt