RE: Border directories
2000-05-12 07:17:33
> certificates are stored in a directory that exposes its data via LDAP and some form of LDAP interface will be required
Dead wrong. Sometimes this is the case, but it is neither necessarily the case nor even usually the case. LDAP is simply an access protocol. There is no necessity that LDAP be involved AT ALL in the Certificate repository. Of course, to interface to many PKI applications it is useful to support LDAP as one option, but the idea that it is impossible to access data directly through a repository interface to HTTP, FTP or even Gopher without converting the protocol to LDAP and back is simply incorrect.
> we have available an LDAP COM Automation server that can be used to tie an LDAP directory to a web server and has a footprint of < 1 MB.
Yeah, LIGHTWEIGHT! Try fitting that on a Palm VII! How about a smartcard?

I don't know quite how we got into this argument. I am certainly not trying to dis LDAP, far from it, I was very involved in the VeriSign LDAP strategy. All I am trying to say is that the LDAP protocol did not close forever the question of where certificates are to reside and the access protocols by which they are to be retrieved.

If companies cannot be persuaded to deploy border directories that talk LDAP we can try them on HTTP. If they won't take HTTP we can invent something else altogether.

Phill