At the risk of putting words in David's mouth, I think he was trying to define
a mandatory minimum environment that compliant software could be assumed
to support, so as to help ensure interoperability.
That certainly shouldn't preclude retrieving certificates some other way, of
Peter Gutmann <pgut001(_at_)cs(_dot_)aucKland(_dot_)ac(_dot_)nz> 04/08/00
"David P. Kemp" <dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil> writes:
The new section 4 could mention certdist as an option, but standard LDAP
should be mandatory.
Why should it be mandatory? I can see that saying that finding a cert is
a good idea, but mandating it is not (there will always be situations where
it doesn't make sense), and mandating one particular way of doing it is even
worse - even if you are in a situation where retrieving a cert is useful,
being forced to do it via LDAP is an unnecessary restriction.