[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
I-D ACTION:draft-salzr-ldap-repsig-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : LDAP Controls for Reply Signatures
Author(s) : R. Salz
Filename : draft-salzr-ldap-repsig-00.txt
Pages : 8
Date : 01-May-00
In many environments the final step of certificate issuance is
publishing the certificate to a repository. Unfortunately, there
is no way for a Certification Authority (CA) to have a secure
application-level acknowledgement that the proper repository
did, in fact, receive the certificate. This issue is of greater
concern when considering the publication of Certificate
Revocation Lists (CRLs) -- if an adversary manages to interpose
itself between the CA and its intended repository, then clients
could end up relying on outdated revocation lists.
This document defines a set of controls so that an LDAP client,
such as a CA, can receive a cryptographically secure
acknowledgement that an LDAP server has received a request, and
that the integrity of the server's reply has not been
compromised.
Whenever possible, the definitions here use mechanisms and
datatypes defined by the IETF PKIX working group. This document
references RFC 2459 [RFC2459]. Knowledge of the RFC is required
for proper implementation of this document, although it should
be possible to understand this document without much knowledge
of that RFC.
It is expected that future versions of this document will
reference 2459's successor(s).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-salzr-ldap-repsig-00.txt
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-salzr-ldap-repsig-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-salzr-ldap-repsig-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.