RE: I-D ACTION:draft-ietf-ldapext-sigops-01.txt
Does anybody have any concern re this proposal and the application on
large scale directory systems and key management? It strikes me this
mechanism might be OK for small single server systems where one has one's
own entries in one's own LDAP server for oneself AND one wants to keep
tabs on oneself if you update your data. BUT for REAL directory
systems that use distributed DSAs, mutual authentication, distributed
key management and don't have the need to replicate everything to
everywhere - this approach is a non-starter.
Can the proposal highlight the way in which referred updates occur and
what the issues are with key management, distributed authentication -
etc, etc.
I think before one invests in LDAP signature systems one should deal with
a distributed directory system that does not need replication of
everything to everywhere first - as it does with LDAP.
Please Note that X.500 directories - already have a signature /
authentication capability in DAP, DSP, DISP and DOP.
regards alan
PS I thought LDAP was about Internet directories and that the Internet
will have about 200 million users on it soon. - And these will not
technically or operationally fit in one LDAP server.
----------
From: Internet-Drafts@ietf.org
Cc: ietf-ldapext@netscape.com
Sent: 7/25/98 4:31:01 AM
Subject: I-D ACTION:draft-ietf-ldapext-sigops-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the LDAP Extension Working Group of the
IETF.
Title : Signed Directory Operations Using S/MIME
Author(s) : B. Greenblatt, P. Richard
Filename : draft-ietf-ldapext-sigops-01.txt
Pages : 9
Date : 23-Jul-98
This document defines an LDAP v3 based mechanism for signing directory
operations in order to create a secure journal of changes that have
been made to each directory entry. Both client and server based signatures
are supported. An object class for subsequent retrieval of
'journal entries' is also defined. This document specifies LDAP v3 controls
that enable this functionality. It also defines an LDAP v3 schema
that allows for subsequent browsing of the journal information.
Internet-Drafts are available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-ldapext-sigops-01.txt".
A URL for the Internet-Draft is:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-ldapext-sigops-01.txt
Internet-Drafts directories are located at:
Africa: ftp.is.co.za
Europe: ftp.nordu.net
ftp.nis.garr.it
Pacific Rim: munnari.oz.au
US East Coast: ftp.ietf.org
US West Coast: ftp.isi.edu
Internet-Drafts are also available by mail.
Send a message to: mailserv@ietf.org. In the body type:
"FILE /internet-drafts/draft-ietf-ldapext-sigops-01.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
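An added illustration, not the draft's own controls, schema or code, of the idea the abstract sketches: a per-entry change journal in which the client signs each operation and the server signs each journal record, with every record chained to the one before it, so that whoever later browses the journal can detect a record that was altered, reordered or dropped. HMAC over constructed keys stands in for the S/MIME signatures so the example runs on the Python standard library alone (an HMAC key shared with the verifier gives integrity, not the non-repudiation a real signature would). The DN, keys and operations are constructed sample values.

```python
"""Signed per-entry change journal (added example, not the draft's mechanism).

HMAC-SHA256 is used here as a stand-in for S/MIME signatures; the keys below
are constructed for the example only.
"""
import hashlib
import hmac
import json

CLIENT_KEY = b"client-signing-key-example"   # constructed, stands in for the client's S/MIME key
SERVER_KEY = b"server-signing-key-example"   # constructed, stands in for the server's S/MIME key
GENESIS = "0" * 64                           # chain anchor for the first record of an entry


def canonical(obj: dict) -> bytes:
    """Canonical JSON so signer and verifier always hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _mac(key: bytes, obj: dict) -> str:
    return hmac.new(key, canonical(obj), hashlib.sha256).hexdigest()


def client_sign(op: dict, key: bytes = CLIENT_KEY) -> dict:
    """Client-side signature over the directory operation it is submitting."""
    return {"op": op, "clientSig": _mac(key, op)}


class Journal:
    """Append-only journal, one chain of signed records per directory entry (DN)."""

    def __init__(self, server_key: bytes = SERVER_KEY, client_key: bytes = CLIENT_KEY):
        self.server_key = server_key
        self.client_key = client_key
        self.records: dict[str, list[dict]] = {}

    def apply(self, signed_op: dict) -> dict:
        """Verify the client signature, then append a server-signed, chained record."""
        op = signed_op["op"]
        if not hmac.compare_digest(_mac(self.client_key, op), signed_op["clientSig"]):
            raise ValueError("client signature does not verify; operation refused")
        chain = self.records.setdefault(op["dn"], [])
        record = {
            "op": op,
            "clientSig": signed_op["clientSig"],
            "prev": chain[-1]["serverSig"] if chain else GENESIS,
        }
        # Server-side signature covers the operation, the client's signature and the link
        # to the previous record, so neither contents nor ordering can change unnoticed.
        record["serverSig"] = _mac(self.server_key, record)
        chain.append(record)
        return record

    def verify(self, dn: str) -> bool:
        """Walk one entry's journal; False if any record or link has been tampered with."""
        prev = GENESIS
        for rec in self.records.get(dn, []):
            unsigned = {k: v for k, v in rec.items() if k != "serverSig"}
            if rec["prev"] != prev:
                return False
            if not hmac.compare_digest(_mac(self.client_key, rec["op"]), rec["clientSig"]):
                return False
            if not hmac.compare_digest(_mac(self.server_key, unsigned), rec["serverSig"]):
                return False
            prev = rec["serverSig"]
        return True


def run_example() -> tuple[bool, bool, bool]:
    """Returns (clean journal verifies, tampered journal fails, forged client sig refused)."""
    dn = "cn=alan,o=example"  # constructed sample DN
    journal = Journal()
    journal.apply(client_sign({"dn": dn, "changetype": "modify",
                               "replace": {"mail": ["alan@example.test"]}}))
    journal.apply(client_sign({"dn": dn, "changetype": "modify",
                               "replace": {"telephoneNumber": ["+1 555 0100"]}}))
    clean_ok = journal.verify(dn)

    # Someone with write access to the journal store rewrites an old change in place.
    journal.records[dn][0]["op"]["replace"]["mail"] = ["attacker@example.test"]
    tampered_fails = not journal.verify(dn)

    # An operation whose client signature was not produced with the client's key.
    try:
        journal.apply({"op": {"dn": dn, "changetype": "delete"}, "clientSig": "00" * 32})
        forged_refused = False
    except ValueError:
        forged_refused = True
    return clean_ok, tampered_fails, forged_refused


if __name__ == "__main__":
    print(run_example())  # expect (True, True, True)
```

The point Alan's reply raises about distributed DSAs is visible in the design: `verify` needs the signing keys of every client and of every server that appended a record, so with referrals and chaining across servers the journal is only as checkable as the key distribution behind it.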