[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Signed Directory Operations

To: Bruce Greenblatt <Bgreenblatt@rsa.com>
Subject: RE: Signed Directory Operations
From: "Salter, Thomas A" <Thomas.Salter@unisys.com>
Date: Wed, 20 May 1998 15:00:39 -0400
Cc: "[ldap extensions]" <ietf-ldapext@netscape.com>
Delivered-to: ldapext-archive@critical-angle.com
Resent-date: Wed, 20 May 1998 12:04:36 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"i0xTN3.0.9a5.3boOr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Can you provide some clarification/rationale on these points:
1. What's the advantage of S/MIME formatted signature, rather than an
ASN.1 bit string ?
2. How is the signature computed on the Ldap operation?  Do you DER
encode the operation without the SignedOperation control, compute the
signature, add the control with signature, then re-encode the operation?
3. What good is the signature if the LDAP server doesn't verify it?  Why
isn't the LDAP server required to verify the signature?
4.How about some examples of the Changes attribute?  What does the
SignedOperation look like?
5. There's no discussion of how this auxiliary class, signedAuditTrail,
is used.  Does every object modified by a signed operation get a Changes
attribute?  Does the server maintain the sequence number ?
6. Is it expected that some LDAP servers would disallow non-signed
operations?  If so, this should be specified, and there should be a
root-dse attribute indicating it.  If not, what's the point of signing
some operations if anyone can come along and undo the changes with an
unsigned operation?
7. signatureSpan seems to be undefined.
8. Why do you say "The SignedResult control MUST not be marked
CRITICAL."?  It seems reasonable for a client to say "If the server
can't sign it, I don't want it"

Prev by Date: Signed Directory Operations
Next by Date: RE: Signed Directory Operations
Index(es):
- Chronological
- Thread