"David P. Kemp" <dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil> writes:
The new section 4 could mention certdist as an option, but standard LDAP
should be mandatory.
Why should it be mandatory? I can see that saying that finding a cert is
a good idea, but mandating it is not (there will always be situations where
it doesn't make sense), and mandating one particular way of doing it is even
worse - even if you are in a situation where retrieving a cert is useful,
being forced to do it via LDAP is an unnecessary restriction.