[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Certificate transfer syntax

To: David Chadwick <d.w.chadwick@salford.ac.uk>
Subject: Re: LDAP Certificate transfer syntax
From: "Housley, Russ" <rhousley@rsasecurity.com>
Date: Wed, 03 Apr 2002 10:21:39 -0500
Cc: LDAP BIS <ietf-ldapbis@OpenLDAP.org>, PKIX <ietf-pkix@imc.org>
In-reply-to: <3CA8D20B.EDB26372@salford.ac.uk>
References: <5.1.0.14.2.20020401110819.032405a8@exna07.securitydynamics.com>

David:

I would like to encourage clients to provide certificates in DER. We ought to tell them that there will be less work for everyone if they provide DER-encoded certificates. Likewise for CRLs.

Russ

At 10:32 PM 4/1/2002 +0100, David Chadwick wrote:

"Housley, Russ" wrote:
>
> David:
>
> Is it possible to preserve the DER encoding.  If not, then the DER encoding
> must be restored in order to validate the signature?  This just seems like
> wasted processing to me.
>

Russ

I quite agree. The revised text is meant to ensure that the DER or BER
encoding created by the client when the certificate was first sent to
the directory for storage is preserved as is. This is the purpose of the
sentence below in the revised text, viz:

> >Servers must preserve values in this syntax exactly as given when
> >storing and retrieving them.
> >

Perhaps I should say "as given to them by the client, when storing and
retrieving certificates"

David

Follow-Ups:
- Re: LDAP Certificate transfer syntax
  - From: David Chadwick <d.w.chadwick@salford.ac.uk>

References:
- Re: LDAP Certificate transfer syntax
  - From: "Housley, Russ" <rhousley@rsasecurity.com>
- Re: LDAP Certificate transfer syntax
  - From: David Chadwick <d.w.chadwick@salford.ac.uk>

Prev by Date: Re: LDAP Certificate transfer syntax (draft-ietf-pkix-ldap-v3-05.txt)
Next by Date: Re: LDAP Certificate transfer syntax
Index(es):
- Chronological
- Thread