[Date Prev][Date Next]
Re: FWD: ;binary a/b design teams' summary / recommendation review
At 01:21 PM 2002-09-16, Steve Hanna wrote:
>Russ Housley forwarded the email below (announcing the
>LDAPBIS group's intent to remove the ;binary option) to
>the PKIX mailing list, suggesting follow-ups to this list.
>Doesn't removing support for the ;binary option break
>backward compatibility for LDAP clients that use the
>;binary option to store and retrieve certificates and CRLs?
I believe this question was discussed by the WG. Comments
in this area were factored in the WG consensus declared on
29 May 2002.
>Since RFC 2256 required the use of ;binary to store and
>retrieve certificates and CRLs, I would hope that you
>would require servers to support older clients for backward
>compatibility. In fact, newer clients will also need to use
>the ;binary option when storing and retrieving certificates
>and CRLs in case they are talking to an older server. I guess
>you'd better document that, too.
I note that the LDAP schema for X.509 certificate and CRL
attributes has been removed from the "core" technical
specification and that PKIX WG is undertaking work to
produce a draft detailing this LDAP schema (to be published
as an extension to LDAP "core" specification). PKIX may
choose to continue using ;binary or or not in their draft.
If they choose to continue using ;binary, a specification for
;binary (as an extension to LDAP) will have to be produced.
The PKIX WG is aware of this.
I suggest that those who have comment regarding
direct those comments to the PKIX WG's mailing list.
>Are you sure this is simplifying things for you?
I recall discussions regarding how this change will simplifying
things. This is a minor issue.
Kurt, LDAP co-chair