Re: [pkix] purpose of LDAP in PKI

"Andris Berzins" <pkix@inbox.lv> Mon, 18 February 2013 13:53 UTC

Quoting Peter Gutmann <pgut001@cs.auckland.ac.nz>:
> Andris Berzins <pkix@inbox.lv> writes:
>
> >What could be the reason why end user certificates should be stored in LDAP
> >by the CA and made publicly available?
>
> There isn't one. It's (ancient) historical baggage based on X.509's origins
> in X.500, and some of the people writing the standards haven't realised yet
> that HTTP won.


When I apply for an ID card that has an authentication and a qualified signature certificate on it,
I have to tick a checkbox indicating whether I want my certificates to be published in LDAP.
I get no clear answer as to how I could benefit from my certificates being published.




> Peter.
_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix