True, certs can be and often are stored as files in file servers. This does
not make them easy for an email client to find them. We were talking about
S/MIME and Active Directory. The W2K cert server can store the certs in a
Directory by default, one which is LDAP accessible and that is exactly what
the email client needs. I never said that certs could only be stored in a
directory, but in this discussion, founded on the question of W2K and S/MIME
interoperability, a directory is precisely where you'll find them. Since
active directory is not something most companies will want to expose to the
internet, I proposed a directory proxy.
You are also right, LDAP is a middleman, but only in the same way HTTP is.
Unfortunately, your quoting of my text does not properly quote Peter's.
Please lets drop these threads, they loose the context of the original
discussion which was on interoperability.
Walt
-----Original Message-----
From: Philip Hallam-Baker [mailto:pbaker(_at_)verisign(_dot_)com]
Sent: Friday, May 12, 2000 10:07 AM
To: Walter Williams; pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz;
ietf-smime(_at_)imc(_dot_)org;
pbaker(_at_)verisign(_dot_)com
Subject: RE: Border directories
Last I checked, as the information is stored in a directory to begin
with,
LDAP is not a middleman, but is doing things rather directly.
LDAP is just a protocol, all protocols are middlemen
>Doing an HTTP
Get presumes that this will find it in a Directory. Probably you will
find
that your HTTP needs a perl cgi which actually talks LDAP behind the
scenes.
More likely talk to a database.
I was never a fan of either CGI or Perl.
Don't forget HTTP is not a Directory Access Protocol, LDAP is, and the
certs
are stored in a Directory.
Who says so??? They are wrong in many cases.
Phill