Rhys said, re the use of LDAP for certificate retrieval:
It is a little different. When the certificate is converted into a
string, the subject and issuer DNs lose their string tags. When you
reconstruct it, should you use PrintableString, T61String, NumericString,
IA5String, or what? Try every possible combination until the signature
verifies?

Rhys, I think you have an excellent point. I have not looked at the RFC for
LDAP, but this would clearly be unacceptable. Even after we migrate to v3, an
important part of the semantics of the DN are carried in the string tags, and
obviously it will be more important with v3.

DEC's InfoBroker product, version 2, is going to use an LDAP server and a WWW
browser for the interface, instead of their current Windows client. I'm going
to be talking to them anyway, so I'll ask them. There is also going to be a
vendor's day at the next NADF meeting, and I'll raise the issue there as well.
Bob
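
The tag-loss problem discussed in this message, as an added example that is not part of the original thread: a minimal DER encoder for a DN shows that the string form drops the tags and that only one tag assignment reproduces the signed bytes. The sample DN, the helper names, and SHA-256 as a stand-in for the digest the signature covers are all assumptions.

```python
import hashlib
from itertools import product

# ASN.1 universal tags for the four string types named in the message
STRING_TAGS = {"NumericString": 0x12, "PrintableString": 0x13,
               "T61String": 0x14, "IA5String": 0x16}
# DER-encoded attribute type OIDs: 2.5.4.6 (C), 2.5.4.10 (O), 2.5.4.3 (CN)
ATTR_OIDS = {"C": bytes.fromhex("0603550406"),
             "O": bytes.fromhex("060355040a"),
             "CN": bytes.fromhex("0603550403")}

def tlv(tag, body):
    """DER tag-length-value; short form only (bodies here are < 128 bytes)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def encode_dn(rdns):
    """rdns: list of (attribute, string type, value) -> DER Name."""
    out = b""
    for attr, stype, value in rdns:
        atv = ATTR_OIDS[attr] + tlv(STRING_TAGS[stype], value.encode("ascii"))
        out += tlv(0x31, tlv(0x30, atv))      # SET { SEQUENCE { type, value } }
    return tlv(0x30, out)

def to_string(rdns):
    """String form of the DN: the string type of each value is dropped."""
    return ", ".join(f"{attr}={value}" for attr, _, value in rdns)

def candidates(dn_string):
    """Every tag assignment consistent with the string form.
    Character-set validity is ignored, as a blind search would."""
    pairs = [part.split("=", 1) for part in dn_string.split(", ")]
    for combo in product(STRING_TAGS, repeat=len(pairs)):
        yield [(a, t, v) for (a, v), t in zip(pairs, combo)]

def matching_candidates(dn_string, signed_digest):
    """Tag assignments whose DER encoding hashes to the signed digest."""
    return [c for c in candidates(dn_string)
            if hashlib.sha256(encode_dn(c)).digest() == signed_digest]

# Constructed sample DN with mixed string types, as a CA might have issued it
ORIGINAL = [("C", "PrintableString", "US"),
            ("O", "T61String", "Example Org"),
            ("CN", "IA5String", "Test User")]
SIGNED_DIGEST = hashlib.sha256(encode_dn(ORIGINAL)).digest()

if __name__ == "__main__":
    text = to_string(ORIGINAL)
    tried = len(list(candidates(text)))
    print(f"{text!r}: {tried} encodings tried, "
          f"{len(matching_candidates(text, SIGNED_DIGEST))} matches the digest")
```

With three attributes and four string types there are 64 encodings to try for one DN; a certificate carries both a subject and an issuer DN, so the search space multiplies.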