
Comments on draft-ietf-pkix-ldap-v3-01.txt



After thinking about the draft a bit I'd like to suggest a few
modifications (mostly organizational).

The draft includes both the protocol and schema issues to deal with
LDAPv3 servers.  I think we should split the two topics as the draft is
called "operational protocols".  I think the draft should just talk
about the protocol issues and not the schema.  My suggestion is to
update RFC 2587 (Internet X.509 Public Key Infrastructure LDAPv2 Schema)
to include the attribute and object classes required to support
attribute certificate users.  Then the LDAPv2 schema could support
storing the attribute certificate related information.  Another draft
should be spawned to include specific LDAPv3 schema issues such as support
for matching rules, etc.

There is support for the pmiUser but where are the attribute authority's
certificates stored?  Should we define a pmiAA (name to be determined)
object class to support storing of the attribute certificate for the AA?

Also, which revocation list includes the revoked attribute
certificates?  I assumed it would be stored in a separate attribute
certificate revocation list, but the draft is silent on the issue (so is
draft-ietf-pkix-ac509prof-01.txt).

Thanks,

spt