ietf-smime

RE: Border directories

2000-05-30 05:28:19
I wouldn't say we do hardwiring; it's more like seeing a URL on TV and
typing it into a browser :-).  When users register for a DoD
certificate, they get an instruction sheet for adding the DoD root and
finding the directory.

That does seem to be the only way to do it at present. However, it also
sounds like it has severe scaling problems for users who need to work with
many disjoint directories. Presumably if there is no mapping from email
address to directory server, then it is necessary to look in them all. That
has to be a big performance hit (for the LDAP servers concerned). It also
unnecessarily leaks information about who is communicating with whom. Even a
simple convention such as having clients attempt a lookup for
user(_at_)company(_dot_)com by connecting to ldap.company.com would go a long
way to address that (even if it is a bit of a kludge).

Cheers,
Frank.

Coordination from the DoD to other directories is not complete, but
people are working on it.
See http://www.fts.gsa.gov/html/fedware/Govt_OnlineDirectories.html.

Dave



From: "Frank O'Dwyer" <fod(_at_)brd(_dot_)ie>

Bob Jueneman wrote:
3.  The much more significant point, unless I've overlooked a
"directoryCapabilities" attribute in the S/MIME spec somewhere, is that
both the originating and receiving application are completely clueless
as to where to find either the directory itself, or the http provider.

I had been wondering how S/MIME addressed mapping of an email address to a
directory server address. From the sound of this thread, I guess it doesn't.
So how are people doing this in practice? Is everyone setting up an LDAP
directory, then ignoring it and exchanging certificates by email? Or just
hardwiring a few LDAP servers into client configs?

Cheers,
Frank O'Dwyer
fod(_at_)brd(_dot_)ie
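
The ldap.company.com convention suggested in this message, sketched as an added example that is not part of the original thread or of any S/MIME specification. It derives one directory host from the recipient's domain, so only that domain's server sees the query, and builds an LDAP URL for the certificate lookup. The function names, the `ldap` prefix default, the empty search base and the `mail` / `userCertificate;binary` attribute choice are assumptions.

```python
import re
from urllib.parse import quote

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def directory_host(email, prefix="ldap"):
    """Return the convention-based directory host for an address, or None.

    The domain is validated before it is used as a hostname so that a
    crafted address cannot smuggle a path, port or userinfo into the URL.
    """
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return None
    domain = domain.rstrip(".").lower()
    labels = domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        return None
    return f"{prefix}.{domain}"


def escape_filter_value(value):
    """Escape an assertion value for an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def certificate_lookup_url(email):
    """Build an LDAP URL (RFC 4516) that asks the derived host for the
    certificate of exactly this address, or None if no host can be derived."""
    host = directory_host(email)
    if host is None:
        return None
    flt = "(mail=%s)" % escape_filter_value(email)
    # Assumption: empty base DN; the convention says nothing about the base.
    return "ldap://%s/?userCertificate;binary?sub?%s" % (
        host, quote(flt, safe="()=@."))


if __name__ == "__main__":
    # Constructed sample addresses, including one carrying filter metacharacters.
    for addr in ("user@company.com", "a*)(uid=*@company.com", "x@evil.com/path"):
        print(addr, "->", certificate_lookup_url(addr))
```

A client using this would still have to validate any returned certificate against a trusted root; the convention only answers where to look.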
