-----Original Message-----
From: Christopher Oliva [mailto:Chris.Oliva@entrust.com]
Sent: Friday, November 22, 2002 12:44 PM
To: 'Kurt D. Zeilenga'
Cc: ietf-pkix@imc.org; ietf-ldapbis@OpenLDAP.org
Subject: RE: A plan for PKIX, LDAPv3, and ;binary
> There are clients which
> expect:
> a) return the certificate using "userCertificate;binary" or
> b) return the certificate using "userCertificate".
>This sounds like a strong argument that supports updating servers to achieve interoperability with both groups . That's why I would prefer a solution that requires updated servers to support the native encoding of certificates (as would be returned when "userCertificate" is requested).
The two groups I refer to are clients who request userCertificate;binary and clients who request userCertificate as I complicated this with the two groups outlined above. Sorry for the confusion.
> As a server cannot support both at the same time, there is
> clearly an interoperability divide between implementationsWhy is it that a server cannot support both groups ?
If it remains the server's choice of whether or not to support group B, the interoperability divide remains unchanged. I believe the proposal should define the native encoding so that interoperability with group B can be attempted. This should not involve any comments about deprecation as server implementations may takes this as a reason not to support a request for "userCertificate". And there can be text indicating clients SHOULD request "userCertificate;binary".
Chris.