
Re: which usercertificate attribute

2000-04-10 05:43:08

Bob put the right words in my mouth :-).  IETF specifications use
"MUST", "SHOULD", and "MAY" in a uniform manner to enhance the
ability to interoperate.  MUST always means "must implement",
not "must use".

But I meant mandatory in an even more limited sense:  *if* applications
are going to support LDAP (i.e. X.500 directory attributes) to retrieve
certs, then they MUST be able to do it in accordance with the 
standard LDAP schema.


To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: which usercertificate attribute

"David P. Kemp" <dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil> writes:

The new section 4 could mention certdist as an option, but standard LDAP 
should be mandatory.  

Why should it be mandatory?  I can see that saying that finding a cert is
a good idea, but mandating it is not (there will always be situations where
it doesn't make sense), and mandating one particular way of doing it is even
worse - even if you are in a situation where retrieving a cert is useful,
being forced to do it via LDAP is an unnecessary restriction.