certificates are stored in a directory that exposes its data
via LDAP and some form of LDAP interface will be required
Dead wrong. Sometimes this is the case but it is neither necessarily
the case or even usually the case.
LDAP is simply an access protocol. There is no necessity that LDAP
be involved AT ALL in the Certificate repository.
Of course to interface to many PKI applications it is usefull to
support LDAP as one option, but the idea that it is impossible to
access data directly through a repository interface to HTTP, FTP
or even Gopher without converting the protocol to LDAP and back
is simply incorrect.
we have available an LDAP COM Automation server that can be used
to tie an LDAP directory to a web server and has a footprint of
< 1 MB.
Yeah, LIGHTWEIGHT!
Try fitting that on a Palm VII! How about a smartcard?
I don't know quite how we got into this argument. I am certainly not
trying to dis LDAP, far from it, I was very involved in the VeriSign
LDAP strategy.
All I am trying to say is that the LDAP protocol did not close forever
the question of where certificates are to reside and the access protocols
by which they are to be retrieved. If companies cannot be persuaded to
deploy border directories that talk LDAP we can try them on HTTP. If
they won't take HTTP we can invent something else altogether.
Phill
smime.p7s
Description: S/MIME cryptographic signature