
Re: I-D ACTION:draft-chadwick-pkixldap-v3-00.txt



David,

  Section 2 seems to contradict RFC 2252 concerning altServer. RFC 2252 says:

5.2.2. altServer

   The values of this attribute are URLs of other servers which may be
   contacted when this server becomes unavailable.  If the server does
   not know of any other servers which could be used this attribute will
   be absent.

  while your X.509 draft says:

The altServer attribute is used by servers to point to alternative
servers that may be contacted if this server is temporarily
unavailable. This attribute MUST be stored in the root DSE of the
server and MUST be available to clients for retrieval. If no
alternative servers exist this attribute MUST point to the current
server.


  Also, I don't understand section 4 (Features Of Ldapv3 That SHOULD NOT Be
Supported):

The client SHOULD NOT support the ModifyDN, Compare and Abandon
operations.

etc.

  While it may not be necessary for an LDAP client using PKI to support these
operations, why is it significant for PKI that a client NOT support them?

  The Abstract of the document says:

This document describes the features of the Lightweight Directory
Access Protocol v3 that are needed in order to support a public key
infrastructure based on X.509 certificates and CRLs.

  but section 4 seems to list a number of LDAPv3 features which the document feels
are not only not needed, but detrimental to a PKI infrastructure, and it does so
without explaining why.

Rob

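The following is an added example, not part of Rob's message or of the draft: it models how a client reads altServer out of a root DSE and evaluates the result under the two rules quoted above (RFC 2252 5.2.2 and section 2 of the draft). The three LDIF entries and all URLs are constructed for the example; a minimal LDIF parser is included so the script runs offline.

```python
"""Added example (not text from draft-chadwick-pkixldap-v3-00 or the list
post): read altServer from a root DSE and check it against both rules.
The LDIF entries and URLs below are constructed for this example."""

# The server whose root DSE the client is reading (placeholder URL).
SELF_URL = "ldap://ldap.example.net:389/"

# Constructed root DSE 1: no alternatives known, attribute absent (RFC 2252).
ROOT_DSE_NO_ALT = """\
dn:
objectClass: top
supportedLDAPVersion: 3
namingContexts: o=example
"""

# Constructed root DSE 2: no alternatives known, attribute points at itself,
# which is what the draft's "MUST point to the current server" requires.
ROOT_DSE_SELF = """\
dn:
objectClass: top
supportedLDAPVersion: 3
namingContexts: o=example
altServer: ldap://ldap.example.net:389/
"""

# Constructed root DSE 3: two genuine alternatives (one in upper case to
# exercise the case-insensitive comparison).
ROOT_DSE_TWO_ALT = """\
dn:
objectClass: top
supportedLDAPVersion: 3
namingContexts: o=example
altServer: ldap://ldap2.example.net:389/
altServer: LDAP://LDAP3.EXAMPLE.NET:389/
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lower-cased attribute type: [values]}.

    Deliberately minimal: no base64 ("::") values and no line continuations,
    which is enough for root DSEs like the ones above.
    """
    attrs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        # Attribute types are case-insensitive in LDAP, so normalise the key.
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def same_server(url_a, url_b):
    """Scheme and host of an LDAP URL are case-insensitive; compare loosely."""
    return url_a.rstrip("/").lower() == url_b.rstrip("/").lower()


def alt_server_values(root_dse):
    return root_dse.get("altserver", [])


def conforms_rfc2252(root_dse, self_url):
    """RFC 2252 5.2.2: values are URLs of *other* servers; absent when none."""
    return all(not same_server(v, self_url) for v in alt_server_values(root_dse))


def conforms_draft(root_dse, self_url):
    """Draft section 2: the attribute MUST be present in the root DSE; with
    no alternatives it MUST point to the current server, so any value is OK."""
    return bool(alt_server_values(root_dse))


def failover_candidates(root_dse, self_url):
    """Servers a client can actually try when self_url is unavailable: every
    altServer value except the server it is already failing to reach."""
    return [v for v in alt_server_values(root_dse) if not same_server(v, self_url)]


def classify(text, self_url=SELF_URL):
    """Evaluate one root DSE (LDIF text) under both rules and list fallbacks."""
    dse = parse_ldif_entry(text)
    return {
        "rfc2252": conforms_rfc2252(dse, self_url),
        "draft": conforms_draft(dse, self_url),
        "candidates": failover_candidates(dse, self_url),
    }


if __name__ == "__main__":
    for label, text in [("no altServer", ROOT_DSE_NO_ALT),
                        ("self-reference", ROOT_DSE_SELF),
                        ("two alternatives", ROOT_DSE_TWO_ALT)]:
        print(f"{label:18s} {classify(text)}")
```

Running it shows the conflict concretely: when a server knows no alternatives, the RFC 2252 form (attribute absent) fails the draft's MUST and the draft's form (self-reference) fails RFC 2252, and in both cases the client's failover list is empty, so the self-pointer adds nothing the client could use. Against a real server the same values would come from a base-scope search of the empty DN, e.g. `ldapsearch -x -s base -b "" altServer` with OpenLDAP's client tools.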

Internet-Drafts@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>         Title           : Internet X.509 Public Key Infrastructure
> Operational Protocols - LDAPv3
>         Author(s)       : D. Chadwick
>         Filename        : draft-chadwick-pkixldap-v3-00.txt
>         Pages           :
>         Date            : 14-Jun-99
>
> This document describes the features of the Lightweight Directory
> Access Protocol v3 that are needed in order to support a public key
> infrastructure based on X.509 certificates and CRLs.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-chadwick-pkixldap-v3-00.txt
>
> Internet-Drafts are also available by anonymous FTP. Login with the username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
>         "get draft-chadwick-pkixldap-v3-00.txt".
>
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> Internet-Drafts can also be obtained by e-mail.
>
> Send a message to:
>         mailserv@ietf.org.
> In the body type:
>         "FILE /internet-drafts/draft-chadwick-pkixldap-v3-00.txt".
>
> NOTE:   The mail server at ietf.org can return the document in
>         MIME-encoded form by using the "mpack" utility.  To use this
>         feature, insert the command "ENCODING mime" before the "FILE"
>         command.  To decode the response(s), you will need "munpack" or
>         a MIME-compliant mail reader.  Different MIME-compliant mail readers
>         exhibit different behavior, especially when dealing with
>         "multipart" MIME messages (i.e. documents which have been split
>         up into multiple messages), so check your local documentation on
>         how to manipulate these messages.
>
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>
>   ----------------------------------------------------------------------
> Content-Type: text/plain
> Content-ID:     <19990614143828.I-D@ietf.org>