This is why SRV records of the type _LDAP exist after all.
PS: Agree strongly about the security thing!
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Philip
Sent: Thursday, May 11, 2000 12:51 PM
Subject: RE: Does Slime works fine with Windows 2000 PKI
One would think that if you have no control over what is shown and what
shown, that you have effectively lost control of your LDAP systems.
Hey, misconfigured 'stuff' is a major cause of security problems.
The problem I encounter very often is the cost of making sure that
'stuff' remains well configured.
That is why I prefer infrastructure that is narrowly focused on a
single function rather than broad-band approaches.
Regarless of whether the border directory speaks LDAP or HTTP the
S/MIME client still needs a way to locate it via DNS. I do not believe
that the global X.500 namespace is going to ever exist and even if
it did, DNS and RFC822 are the Internet namespace. Hence the SRV
record is still relevant.