On Tue, 7 Feb 1995 Jueneman(_at_)gte(_dot_)com wrote:
OK. How's this for a concrete proposal (subject to management approval, of
course);
[...points deleted...]
It's a nice offer Bob, but I suspect that without the following it will be
yet another non-starter:
8. GTE will write source code for accessing the directory to get
certificates and make the source freely available to PEM implementors
as a reference implementation. Alternatively, GTE will provide pointers
to _freely_ available documentation on how PEM implementors can write
their own access code from scratch.
It's all very well to put the information in the directory Bob, but we also
need a way to get it out. Without that, I cannot get very excited about
your proposal. And don't bother pointing me at QUIPU or any other
full X.500 implementation. I'd rather not have to link in all that and
screw my application up into knots just to get the following functions:
void GetENCertificate (char *emailAddress, X509CERT *certificate);
void GetDNCertificate (X500DN *name, X509CERT *certificate);
But, don't let me discourage you. Set it up. Right now in fact. Load
the RIPEM key database into it for a start. Then get your GTE buddies
onto the source code project. Then worry about all the policy problems,
legal niceties, etc. If it is great, everyone will support it. If it is
hopeless or overly complex to access, it will go nowhere. That's the way
the Internet works. C'est la vie.
To show that I'm not all negative, I'm still looking at LDAP for accessing
certificates and will make my source available. But I'm very quickly
coming to the conclusion that LDAP is a dead loss, even if the stringised
certificate problem can be solved. I suppose I'll have to fork over the
A$500+ for the OSI standards after all to figure out how to do DAP. :-(
Cheers,
Rhys.
--
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au "net.maturity is knowing
when NOT to followup"
An Internet draft describes a Simple Object Lookup Protocol (SOLO) which is
based on an ASCII text protocol. It is simple to use and user friendly. The
interconnection with X.500 has been done and is in the public domain. Access
through WWW is also offered. In fact you may try the INRIA WWW server.
Furthermore, SOLO is not devoted only to X.500 but also to any other kind of
database. Thus, wherever the certificates are stored, they may be accessed
through a unique protocol.
Regards
Alain Zahm