RE: LDAP PKI Schema (was Re: No-op LDAP ;binary option)

["Ramsay, Ron" <Ron.Ramsay@xxxxxx>]

Actually, it may not matter whether it is widely implemented. Because we wish to use component matching in matched-values, it will probably require any servers implementing matched-values to be rewritten to allow component-match in matched-values.

-----Original Message-----
From: Ramsay, Ron 
Sent: Friday, 3 January 2003 10:33
To: Kurt D. Zeilenga
Cc: Peter Gietz; ietf-pkix@xxxxxxx
Subject: RE: LDAP PKI Schema (was Re: No-op LDAP ;binary option)



I know, but is it widely implemented?

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@xxxxxxxxxxxx]
Sent: Friday, 3 January 2003 04:01
To: Ramsay, Ron
Cc: Peter Gietz; ietf-pkix@xxxxxxx
Subject: RE: LDAP PKI Schema (was Re: No-op LDAP ;binary option)


At 11:11 PM 1/1/2003, Ramsay, Ron wrote:
>Component matching, however, does not address the problem of returning multiple certificates.

We have a general solution to that general problem in the LDAP
matched values control extension [draft-ietf-ldapext-matchedval]. 

Kurt


>Ron.
>
>-----Original Message-----
>From: Kurt D. Zeilenga [mailto:Kurt@xxxxxxxxxxxx]
>Sent: Tuesday, 31 December 2002 18:38
>To: Peter Gietz
>Cc: ietf-pkix@xxxxxxx
>Subject: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
>
>
>
>
>>Nevertheless two different solutions to one problem might be preferable here.
>
>My primary objection to standardizing the child entry approach
>for PKI is that it is a PKI-specific solution to a general problem,
>component matching of complex attribute values.   We should be
>looking for general solutions to our general problems.  Steven's
>component matching I-D details a general solution which I believe
>is suitable for standardization.
>
>My recommendation is that the PKI "child entry" approach be
>pursued individually as an Experimental (or possibly Informational)
>solution to the PKI component matching problem with a note that
>a more general solution, component matching, is being standardized.
>
>Kurt