
Re: A plan for PKIX, LDAPv3, and ;binary




wpolk@nist.gov wrote:

> 
> (4) The lack of a defined LDAP-specific encoding for Certificate, Certificate
> List and Certificate Pair syntaxes is a problem, as a small percentage of
> implementations transfer these attributes without the ;binary option.  Rather
> than be silent, we suggest that the PKIX syntax and schema document state the
> LDAP-specific encoding used in transfer without the ;binary option but
> deprecate its use. 

Tim

I disagree with this deprecation. This is clearly not a step forward.
One of the main reasons we had a problem was that a workable certificate
syntax was never specified (only the flawed character encoded syntax in
LDAPv2). Rather than deprecate the LDAP specific encoding, we should
welcome it and deprecate the use of ;binary so that it can be phased out.
It is an ugly flawed concept, which is why LDAPBIS has agreed to remove
it.

David


> This LDAP-specific encoding has the same transfer
> representation as when the attribute is transferred with the ;binary option.
> 
> We believe this represents a straightforward path forward that meets the PKIX
> interoperability requirements while being most compatible with current PKI
> behavior, current LDAPv3 standards, and upcoming LDAPBIS documents.
> 
> Thank you,
> 
> Tim Polk, RL "Bob" Morgan, Kurt Zeilenga, and Steven Legg

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************