ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: which usercertificate attribute

2000-04-10 07:54:41
from [Walter Williams] [Permanent Link] 
Actually, smimeUserCertificate and userCertificate objects are both part of
the IETF standard organizationalPerson and inetOrgPerson schemas.  The first
is RFC2256 if my memory does not fail me and the second is a draft on the
standards track, and has been widely adopted in the industry.  Therefor:
There is a standard LDAP schema which you can use

Walter Williams
TSD
Senior IT Analyst
Genuity

Please note: GTE Internetworking is now Genuity

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Aram Perez
Sent: Monday, April 10, 2000 9:54 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: RE: which usercertificate attribute


David is right. Why have standards if you can't interoperate with other
implementations? Over a year ago I asked if there was a standard way of
getting a user's certificate from an LDAP directory. While I received a
number of replys, not one reply said: There is a standard LDAP schema which
you can use.

Regards,
Aram Perez

-----Original Message-----
From: David P. Kemp [mailto:dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil]
Sent: Monday, April 10, 2000 8:46 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: which usercertificate attribute


Peter,

Bob put the right words in my mouth :-).  IETF specifications use
"MUST", "SHOULD", and "MAY" in a uniform manner to enhance the
ability to interoperate.  MUST always means "must implement",
not "must use".

But I meant mandatory in an even more limited sense:  *if* applications
are going to support LDAP (i.e. X.500 directory attributes) to retrieve
certs, then they MUST be able to do it in accordance with the
standard LDAP schema.

Dave




To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: which usercertificate attribute

"David P. Kemp" <dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil> writes:


The new section 4 could mention certdist as an option, but standard LDAP
should be mandatory.


Why should it be mandatory?  I can see that saying that finding a cert is
a good idea, but mandating it is not (there will always be situations

where

it doesn't make sense), and mandating one particular way of doing it is

even

worse - even if you are in a situation where retrieving a cert is useful,
being forced to do it via LDAP is an unnecessary restriction.

Peter.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Ready for IETF Last Call: draft-ietf-smime-cast-128-02.txt, Russ Housley
Next by Date:  Re: which usercertificate attribute, Russ Housley
Previous by Thread:  RE: which usercertificate attribute, Aram Perez
Next by Thread:  Re: which usercertificate attribute, David P. Kemp
Indexes:  [Date] [Thread] [Top] [All Lists]