Re: Component Matching Performance
- To: ietf-pkix@xxxxxxx
- Subject: Re: Component Matching Performance
- From: Andrew Sciberras <andrewsciberras@xxxxxxxxx>
- Date: Mon, 06 Dec 2004 14:15:43 +1100
- Cc: Sang s Lim <slim@xxxxxxxxxx>, "Kurt D. Zeilenga" <Kurt@xxxxxxxxxxxx>
- List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
- List-id: <ietf-pkix.imc.org>
- List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
- Organization: eB2Bcom
- Sender: owner-ietf-pkix@xxxxxxxxxxxx
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20040910
Hi,
Sang s Lim wrote:
> Directory
> - 100,000 entry DIT
> - Each entry is a person entry with one userCertificate attribute
> - Operations: Random searches on tbsCertificate.serialNumber
>   (serialNumber in userCertificate)
> - Indexing: tbsCertificate.serialNumber
I haven't used OpenLDAP or explored its Component Matching capabilities
yet, so I'm going to take the content of the operation mentioned above
literally.
The mention of 'tbsCertificate' is both surprising and confusing... The
userCertificate attribute within LDAP and X.500 does not have a syntax
of Certificate as defined within RFC3280; it has a syntax of Certificate
as defined with X.509. This is stated in both RFC2252 and Kurt's
individual submission of "LDAP X.509 Certificate Schema"
(draft-zeilenga-ldap-x509-00.txt).
Even though these definitions may be syntactically equivalent, an
LDAP/X.500 userCertificate does not have a tbsCertificate component.
It is my opinion that the component tbsCertificate should not be used
within an LDAP search for the userCertificate attribute, and that doing
so should result in zero entries being returned.
Regards,
Andrew Sciberras
eB2Bcom
Sang Seok Lim
IBM T.J Watson Research Center
Enterprise Linux Group
slim@xxxxxxxxxx