One would think that if you have no control over what is shown and what
is not shown, that you have effectively lost control of your LDAP systems.
Hey, misconfigured 'stuff' is a major cause of security problems.
The problem I encounter very often is the cost of making sure that
'stuff' remains well configured.
That is why I prefer infrastructure that is narrowly focused on a
single function rather than broad-band approaches.
Regardless of whether the border directory speaks LDAP or HTTP, the
S/MIME client still needs a way to locate it via DNS. I do not believe
that the global X.500 namespace is going to ever exist and even if
it did, DNS and RFC822 are the Internet namespace. Hence the SRV
record is still relevant.
Phill