RE: draft minutes from Chicago meeting
Chris,
I could equally argue that since PKI is being installed in all major
organizations, it would make sense to use it for the Directory as well.
However, I see your point and we need to ponder this. But I am not sure I
will go as far as accepting what other people rushed into doing unless it is
the right thing to do for the Directory.
I disagree with you that LDAP is crushing X.500 in the marketplace. There
is a need for both at this point in time. You still do not have
replication and chaining on stand-alone LDAP servers - except by
proprietary means. As a result, stand-alone LDAP servers are used in
smaller installations and X.500 products (which have been around longer -
lest we forget) are used more in larger installations.
Cheers, ....Erik.
---------------------------------------
Erik Skovgaard
GeoTrain Corp.
Enterprise Directory Training and Consulting
http://www.geotrain.com
At 12:14 05/10/98 -0700, Chris Newman wrote:
>On Sat, 3 Oct 1998, Erik Skovgaard wrote:
>> But the issue is different for most of these servers. In most cases
>> (except for the web server, of course) the client won't need to contact
>> several servers.
>
>I disagree. With IMAP shared folders, there may be a need to connect to
>multiple IMAP servers. In addition, there is a need to connect to the
>same IMAP server multiple times if a user opens multiple folders
>simultaneously. When reading email, one is likely to connect to LDAP
>servers for directory lookups, IMAP servers to read mail, SMTP servers
>(with SMTP AUTH) to authenticate and send mail, and ACAP servers to get
>client configuration. Perhaps even NNTP servers to read news if it's not
>been made available through IMAP.
>
>If each of these had a different mandatory-to-implement mechanism, the
>result would be a nightmare, especially if LDAP mandated client certs.
>Don't forget that many (most?) of the LDAP clients people regularly use
>today are also email clients. Internet email is one of the reasons that
>LDAP continues to crush X.500 in the marketplace.
>
>While CRAM-MD5 suffices in my book, Digest has the potential to be better
>since it brings HTTP into the set of protocols which can share the
>mandatory-to-implement mechanism. It's a shame so few people in the apps
>area (and nobody in the security area) have paid attention to the need for
>multi-protocol authentication technology.
>
>Something as fundamental as a mandatory-to-implement mechanism can't be
>determined with blinders that look at only one protocol at a time.
>
> - Chris