Re: Issues in LDAP schema IDs
Michael Stroder wrote:
> Antonio Lioy wrote:
> >
> > Wen-Cheng Wang wrote:
> >
> >> My concern is a CA may support dual key pairs for a single EE.
> >
> > So support for multiple certs per each user should be added to the schema.
> I'd suggest to read the draft. Hint: Multi-valued attributes are not the
> only way to store multiple certificates per user.

Sorry, I did not carefully read David's question. And then when
I saw him asking for comments on restricting userCertificate
to be single-valued, I gave my concern intuitively.

Actually, I had read the three new I-Ds and I know that some
people have been working on inventing a new way to store
PKCs, ACs and CRLs in an LDAP-based repository instead of
using traditional attributes such as userCertificate,
caCertificate or attributeCertificateAttribute.

Well, now I re-give my comment. I think that since it is a
new way to store PKCs, ACs and CRLs, it is fine to define
a new single-valued attribute. Redefining the traditional
userCertificate, caCertificate or attributeCertificateAttribute
attributes to be single-valued might be a bad idea.

Wen-Cheng Wang