[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: I-D ACTION:draft-salzr-ldap-repsig-00.txt

To: ietf-pkix@imc.org, ietf-ldapext@netscape.com
Subject: RE: I-D ACTION:draft-salzr-ldap-repsig-00.txt
From: Rich Salz <salzr@certco.com>
Date: Sat, 06 May 2000 19:37:10 -0400 (EDT)
In-reply-to: <SwtlC.A.OqG.u3GF5@glacier>
Resent-date: Sat, 06 May 2000 16:37:23 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <34A5gD.A.KCC.oyKF5@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

This is my second response to Bruce's comments.

This covers the "style" issues.

I prefer a raw signature, not a separate S/MIME signature because
it makes sense. :)  Think of the client request and server response
as a signed entity.  Just like a cert, then, you have
	client PDU  server PDU replysig extra-data
Layed out like that, it looks like any other signature.

It makes about as much sense to use S/MIME here, as it would be to use
S/MIME to handle the CA's signature of an X509v3 cert...  You could do
it, but why?

Well, okay, style issue.
	/r$

Prev by Date: RE: I-D ACTION:draft-salzr-ldap-repsig-00.txt
Next by Date: Free World-Wide Internet Access
Index(es):
- Chronological
- Thread