ietf-smime
[Top] [All Lists]

RE: Does Slime works fine with Windows 2000 PKI

2000-05-11 11:24:16
This is why SRV records of the type _LDAP exist after all.

Walt

PS: Agree strongly about the security thing!

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Philip 
Hallam-Baker
Sent: Thursday, May 11, 2000 12:51 PM
To: 'rmorrill(_at_)csc(_dot_)com'; 
dennis(_dot_)glatting(_at_)software-munitions(_dot_)com
Cc: walter(_dot_)williams(_at_)genuity(_dot_)com; 
Laurent(_dot_)Deffranne(_at_)dexia(_dot_)be;
ietf-smime(_at_)imc(_dot_)org
Subject: RE: Does Slime works fine with Windows 2000 PKI




One would think that if you have no control over what is shown and what
is not
shown, that you have effectively lost control of your LDAP systems. 

Hey, misconfigured 'stuff' is a major cause of security problems.

The problem I encounter very often is the cost of making sure that
'stuff' remains well configured.

That is why I prefer infrastructure that is narrowly focused on a 
single function rather than broad-band approaches. 

Regarless of whether the border directory speaks LDAP or HTTP the 
S/MIME client still needs a way to locate it via DNS. I do not believe
that the global X.500 namespace is going to ever exist and even if
it did, DNS and RFC822 are the Internet namespace. Hence the SRV
record is still relevant.

              Phill


<Prev in Thread] Current Thread [Next in Thread>