[Date Prev][Date Next] [Chronological] [Thread] [Top]

I-D ACTION:draft-salzr-ldap-repsig-00.txt

To: IETF-Announce: ;
Subject: I-D ACTION:draft-salzr-ldap-repsig-00.txt
From: Internet-Drafts@ietf.org
Date: Tue, 02 May 2000 06:43:06 -0400
Cc: ietf-pkix@imc.org, ietf-ldapext@netscape.com
Resent-date: Tue, 02 May 2000 03:43:21 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <lF_Qj.A.cpC._ErD5@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title		: LDAP Controls for Reply Signatures
	Author(s)	: R. Salz
	Filename	: draft-salzr-ldap-repsig-00.txt
	Pages		: 8
	Date		: 01-May-00
	
In many environments the final step of certificate issuance is 
publishing the certificate to a repository. Unfortunately, there 
is no way for a Certification Authority (CA) to have a secure 
application-level acknowledgement that the proper repository 
did, in fact, receive the certificate. This issue is of greater 
concern when considering the publication of Certificate 
Revocation Lists (CRLs) -- if an adversary manages to interpose 
itself between the CA and its intended repository, then clients 
could end up relying on outdated revocation lists.
This document defines a set of controls so that an LDAP client, 
such as a CA, can receive a cryptographically secure 
acknowledgement that an LDAP server has received a request, and 
that the integrity of the server's reply has not been 
compromised.
  
    Whenever possible, the definitions here use mechanisms and 
    datatypes defined by the IETF PKIX working group. This document 
    references RFC 2459 [RFC2459]. Knowledge of the RFC is required 
    for proper implementation of this document, although it should 
    be possible to understand this document without much knowledge 
    of that RFC.
    
    It is expected that future versions of this document will 
    reference 2459's successor(s).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-salzr-ldap-repsig-00.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-salzr-ldap-repsig-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-salzr-ldap-repsig-00.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

Follow-Ups:
- Re: I-D ACTION:draft-salzr-ldap-repsig-00.txt
  - From: Bruce Greenblatt <bgreenblatt@directory-applications.com>

Prev by Date: Do you use Instant Messenger?
Next by Date: FREE CheckMan software!
Index(es):
- Chronological
- Thread