[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: I-D ACTION:draft-ietf-pkix-ldap-schema-00.txt
> However, I seem to sense some opposition to the concept and this is
> where we have a real problem. If an entry holds two certificates,
> there is no way of setting other attributes in the entry so that each
> of their values are associated with the appropriate certificate. I
> think the matching rule approach is the only solution.
I agree.
>You may be able
> to have 'magic' attributes that have order-dependent values, but this
> is in conflict with the X.500 standard.
Actually X.500(97) has a potential solution for this in the concept of
attribute value contexts. But no-one to my knowledge has
implemented contexts, and you would still have the management
overhead of keeping the contexts on the whole package of
attributes in sync.
David
***************************************************
David Chadwick
IS Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
Mobile +44 790 167 0359
Email D.W.Chadwick@salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************