Re: I-D ACTION:draft-salzr-ldap-repsig-00.txt
Rich,
Why can't you use the mechanisms defined in RFC 2649 as a basis for this?
Your proposal seems remarkably similar to the definitions in RFC 2649.
Bruce
At 06:43 AM 5/2/2000 -0400, Internet-Drafts@ietf.org wrote:
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
>
>
> Title : LDAP Controls for Reply Signatures
> Author(s) : R. Salz
> Filename : draft-salzr-ldap-repsig-00.txt
> Pages : 8
> Date : 01-May-00
>
>In many environments the final step of certificate issuance is
>publishing the certificate to a repository. Unfortunately, there
>is no way for a Certification Authority (CA) to have a secure
>application-level acknowledgement that the proper repository
>did, in fact, receive the certificate. This issue is of greater
>concern when considering the publication of Certificate
>Revocation Lists (CRLs) -- if an adversary manages to interpose
>itself between the CA and its intended repository, then clients
>could end up relying on outdated revocation lists.
>This document defines a set of controls so that an LDAP client,
>such as a CA, can receive a cryptographically secure
>acknowledgement that an LDAP server has received a request, and
>that the integrity of the server's reply has not been
>compromised.
>
==============================================
Bruce Greenblatt, Ph. D.
Directory Tools and Application Services, Inc.
http://www.directory-applications.com
Sign up for our LDAP Technical Overview Seminar at:
http://www.acteva.com/go/dtasi
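The quoted abstract describes the goal of the draft at a high level: a CA publishing a certificate or CRL wants an acknowledgement that is cryptographically bound to the request it sent, so that a reply forged or altered by an adversary between CA and repository is rejected. The following Python block is an added illustration of that check, written for this archive page; it is not the draft's control syntax or encoding, and nothing about the draft's actual message format is on this page. It assumes a shared key with HMAC-SHA256 in place of the server's signature (standard library only), canonical JSON as the message serialisation, and a constructed CRL-publish request; all of those are assumptions.

```python
"""Conceptual model of a signed LDAP reply acknowledgement.

Added illustration only: not the draft's own controls or encoding.
Assumptions: HMAC-SHA256 under a shared key stands in for the repository's
signature; requests and replies are dicts serialised as canonical JSON.
"""
import hashlib
import hmac
import json

# Assumption: a pre-shared key standing in for the repository's signing key.
SHARED_KEY = b"constructed-demo-key"


def canonical(msg: dict) -> bytes:
    """Deterministic byte encoding so both sides hash the same thing."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def request_digest(request: dict) -> str:
    """Digest of the exact request bytes the repository received."""
    return hashlib.sha256(canonical(request)).hexdigest()


def server_reply(request: dict, result_code: int, key: bytes = SHARED_KEY) -> dict:
    """Repository side: the acknowledgement covers the reply AND the request digest,
    so it cannot be reused for a different request."""
    reply = {"resultCode": result_code, "requestDigest": request_digest(request)}
    ack = hmac.new(key, canonical(reply), hashlib.sha256).hexdigest()
    return {"reply": reply, "ack": ack}


def client_verify(request_sent: dict, signed: dict, key: bytes = SHARED_KEY) -> bool:
    """CA side: accept only if the ack is valid over the reply as received,
    and the reply is bound to the request this client actually sent."""
    reply = signed["reply"]
    expected = hmac.new(key, canonical(reply), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["ack"]):
        return False  # reply altered in transit, or ack forged
    return reply["requestDigest"] == request_digest(request_sent)


# Constructed sample: a CA publishing a CRL to its repository.
CRL_PUBLISH = {
    "op": "modify",
    "dn": "cn=CA1,ou=PKI,o=Example",
    "attr": "certificateRevocationList;binary",
    "value": "deadbeef",  # constructed placeholder for the CRL bytes
}


def demo() -> dict:
    """Return outcomes for the intact, tampered, and replayed cases."""
    good = server_reply(CRL_PUBLISH, 0)

    # Adversary flips a failed write into an apparent success.
    tampered = {"reply": dict(good["reply"], resultCode=0), "ack": good["ack"]}
    tampered["reply"]["resultCode"] = 1
    tampered = {"reply": tampered["reply"], "ack": good["ack"]}

    # Adversary replays an ack obtained for a different request.
    other = dict(CRL_PUBLISH, value="cafebabe")
    replayed = server_reply(other, 0)

    return {
        "intact": client_verify(CRL_PUBLISH, good),
        "tampered": client_verify(CRL_PUBLISH, tampered),
        "replayed": client_verify(CRL_PUBLISH, replayed),
    }


if __name__ == "__main__":
    print(demo())
```

The point the abstract makes is in `client_verify`: an acknowledgement is only useful to the CA if it is bound both to the reply as received and to the request the CA sent; with only the former, an interposed party could answer a CRL publish with an acknowledgement harvested from some other exchange.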