
Re: Issues in LDAP schema IDs




David Chadwick wrote:

Peter and I have resolved all the issues described at the PKIX meeting today, apart from one, which is what should be the attribute type to be used to hold the X.509 DER encoded attribute. Should it be the original attribute type name, e.g. userCertificate, or a new attribute whose schema says it must be single-valued?

I'd strongly argue for backwards compatibility with existing clients => userCertificate

Of course there should be a directory profiling note stating that there MUST NOT be more than one attribute value to be compliant. The caveat is of course that the directory can't enforce the SINGLE-VALUE restriction by schema definition.

Ciao, Michael.
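
Because the schema cannot enforce the single-value rule discussed above, compliance with such a profiling note has to be checked out of band. The following is an added example, not part of the original message: it scans an LDIF export and reports entries holding more than one userCertificate value. The sample LDIF, its placeholder base64 values and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample LDIF export; the base64 values are placeholders, not real certificates.
SAMPLE_LDIF = """\
dn: cn=Alice,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
userCertificate;binary:: TUlJQ2R6Q0NBZUNnQXdJQkFnSUJBVEFOQmdrcWhraUc5dzBC
 QVFVRkFEQT0=

dn: cn=Bob,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
userCertificate;binary:: TUlJQ2R6Q0NBZUNnQXdJQkFnSUJBakFOQmdrcQ==
usercertificate;binary:: TUlJQ2R6Q0NBZUNnQXdJQkFnSUJBekFOQmdrcQ==

dn: cn=Carol,ou=People,dc=example,dc=org
objectClass: person
cn: Carol
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    return re.sub(r"\r?\n ", "", ldif)

def count_values(ldif, attr="userCertificate"):
    """Return {dn: number of values of attr}, ignoring case and options such as ;binary."""
    counts, dn = {}, None
    for line in unfold(ldif).splitlines():
        if not line.strip():          # a blank line ends the current entry
            dn = None
            continue
        if line.startswith("#"):      # LDIF comment
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        base = name.split(";")[0].lower()   # strip attribute options
        if base == "dn":
            # "dn:: <base64>" carries a base64-encoded DN
            dn = (base64.b64decode(rest[1:].strip()).decode("utf-8")
                  if rest.startswith(":") else rest.strip())
            counts[dn] = 0
        elif dn is not None and base == attr.lower():
            counts[dn] += 1
    return counts

def non_compliant(ldif, attr="userCertificate"):
    """DNs that violate the 'at most one value' profile rule."""
    return sorted(dn for dn, n in count_values(ldif, attr).items() if n > 1)
```
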