On Tue, 7 Feb 1995 Jueneman(_at_)gte(_dot_)com wrote:
OK. How's this for a concrete proposal (subject to management approval, of
course);
[...points deleted...]
It's a nice offer Bob, but I suspect that without the following it will be
yet another non-starter:
8. GTE will write source code for accessing the directory to get
certificates and make the source freely available to PEM implementors
as a reference implementation. Alternatively, GTE will provide pointers
to _freely_ available documentation on how PEM implementators can write
their own access code from scratch.
It's all very well to put the information in the directory Bob, but we also
need a way to get it out. Without that, I cannot get very excited about
your proposal. And don't bother pointing me at QUIPU or any other
full X,500 implementation. I'd rather not have to link in all that and
screw my application up into knots just to get the following functions:
void GetENCertificate (char *emailAddress, X509CERT *certificate);
void GetDNCertificate (X500DN *name, X509CERT *certificate);
But, don't let me discourage you. Set it up. Right now in fact. Load
the RIPEM key database into it for a start. Then get your GTE buddies
onto the source code project. Then worry about all the policy problems,
legal niceties, etc. If it is great, everyone will support it. If it is
hopeless or overly complex to access, it will go nowhere. That's the way
the Internet works. Cest la vie.
To show that I'm not all negative, I'm still looking at LDAP for accessing
certificates and will make my source available. But I'm very quickly
coming to the conclusion that LDAP is a dead loss, even if the stringised
certificate problem can be solved. I suppose I'll have to fork over the
A$500+ for the OSI standards after all to figure out how to do DAP. :-(
Cheers,
Rhys.
--
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au "net.maturity is knowing
when NOT to followup"