On Tue, 7 Feb 1995, Peter Williams wrote:
>8. GTE will write source code for accessing the directory to get
> certificates and make the source freely available to PEM implementors
> as a reference implementation. Alternatively, GTE will provide pointers
> to _freely_ available documentation on how PEM implementors can write
> their own access code from scratch.
> Are you able to send simple strings to a TCP port, and TCP-connect, send
> and recv?
You betcha.
> If so, I can help GTE operate an RFC 1202 gateway server to DAP. We can
> even extend it to have the two exact functions you desire; we could
> supply the certificate as specified by 1421 <cert>.
Ah! That's more like it. Thanks for pointing out this RFC. I'll go over
it with a fine tooth comb to evaluate its suitability. Question: is this
RFC still current or has it been depreciated by the OSI-DS community in
favour of LDAP? I was under the impression that LDAP was intended to
replace all of the proprietary and semi-proprietary lightweight protocols
that had been floating around previously.
> If the i/f offered the client something like
> "cert -en williams(_at_)atlas(_dot_)arc(_dot_)nasa(_dot_)gov"
> "cert -pem <asymmid>"
> would this be simple enough?
It most certainly would be. Whether it can handle other CA functions is
another matter, but at least for simple query things it may be very useful.
Bob, this is really what I'm after: a simple ASCII protocol that a client
can potentially be implemented for in a couple of hours. Not because of any
hatred for ASN.1 or X.500. Really, I couldn't care less what system is
used or how involved it is to implement. ASN.1 and X.500 are a pain, but
not an intolerable pain. What I do care about is: will I be the only PEM
implementor supporting it at the end of the day because no one else has
the time or the inclination to do the same? A simpler protocol maximises
the chances of wider support.
> The X.500 specifications are freely available on nc-17.ma02.bull.com
I'll have to look at that site, but most of the versions I've come across
are either incomplete, formatted weirdly, or my printer barfs on them.
I'll probably still get the full set from Standards Australia anyway.
I've been meaning to for quite some time.
Cheers,
Rhys.
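
A request-line parser for a gateway offering the two queries proposed above, as an added example that is not part of the original message and is not GTE or RFC 1202 code. The `cert -en` and `cert -pem` forms come from the message; the length limit, the address and `<asymmid>` patterns, the `OK`/`ERR` replies and the in-memory directory are assumptions made for illustration.

```python
import re

# Assumed request grammar, modelled on the two lines quoted in the message:
#   cert -en <rfc822-address>
#   cert -pem <asymmid>
MAX_LINE = 512  # assumed cap so a client cannot send unbounded input
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})+")
# Assumption: <asymmid> is a base64 issuer name, a comma, then a hex serial.
ASYMMID_RE = re.compile(r"[A-Za-z0-9+/]{4,}={0,2},[0-9A-Fa-f]{1,40}")

# Constructed sample directory; a real gateway would query DAP here.
DIRECTORY = {("en", "alice@example.org"): "BASE64-CERT-PLACEHOLDER"}

class RequestError(ValueError):
    """Raised for any request line the gateway refuses to forward."""

def parse_request(raw: bytes):
    """Return (kind, key) for one request line, or raise RequestError."""
    if len(raw) > MAX_LINE:
        raise RequestError("line too long")
    try:
        line = raw.decode("ascii")
    except UnicodeDecodeError:
        raise RequestError("non-ASCII input") from None
    line = line.rstrip("\r\n")
    # An embedded CR/LF or other control byte would smuggle a second request.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in line):
        raise RequestError("control character in request")
    parts = line.split(" ")
    if len(parts) != 3 or parts[0] != "cert":
        raise RequestError("expected: cert -en <addr> | cert -pem <asymmid>")
    _, flag, arg = parts
    # Allow-list the argument before it gets anywhere near a directory query.
    if flag == "-en" and ADDR_RE.fullmatch(arg):
        return ("en", arg.lower())
    if flag == "-pem" and ASYMMID_RE.fullmatch(arg):
        issuer, serial = arg.split(",")
        return ("pem", issuer + "," + serial.upper())
    raise RequestError("unsupported flag or malformed argument")

def handle(raw: bytes) -> str:
    """Answer one request line with 'OK <cert>' or 'ERR <reason>'."""
    try:
        key = parse_request(raw)
    except RequestError as exc:
        return "ERR " + str(exc)
    cert = DIRECTORY.get(key)
    return "OK " + cert if cert else "ERR not found"
```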