[Date Prev][Date Next] [Chronological] [Thread] [Top]

CA strong binds

To: PKIX <ietf-pkix@imc.org>, Ldapext <ietf-ldapext@netscape.com>
Subject: CA strong binds
From: Sean Turner <turners@ieca.com>
Date: Tue, 13 Oct 1998 12:12:30 -0500
Organization: IECA, Inc.
Resent-date: Tue, 13 Oct 1998 09:17:55 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"Ov3Hi2.0.il6.kqt8s"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

All,

Appologies in advance if you get two of this message but I wasn't sure
which list to send the message to.

Recently some colleagues and I have been arguing whether applications
will choke when looking for CA certificates in
CertificationPath.userCertificate.  For example, when a CA binds to an
LDAP server (using say the X.509 Authentication  SASL Mechanism I-D)
the CA's certificate will be passed in
certification-path.userCertificate and the CA's superiors certificates
are passed in certication-path.theCACertificates.  Will applications
choke when trying to process the CA certificate from a field called
userCertificate or when trying to look for a "user's certificate"
which is in a CA's directory entry?

I know the name of the field shouldn't be confused with the value that
goes into it, but we were concerned that many of the specifications
were clear on where CA certificates should be put when attempting to
perform strong binds to the directory.

Any thoughts - implementation experience?

Thanks,

spt

Prev by Date: Re: (c.harding 21539) Re: Some questions regarding LDAP schema registration
Next by Date: RE: mapping identities RE: Compromise Authentication Proposal
Index(es):
- Chronological
- Thread