Re: [pkix] purpose of LDAP in PKI

"Goulet, Walter" <Walter.Goulet@rsa.com> Mon, 18 February 2013 14:09 UTC

From: "Goulet, Walter" <Walter.Goulet@rsa.com>
To: Andris Berzins <pkix@inbox.lv>, "pkix@ietf.org" <pkix@ietf.org>
Date: Mon, 18 Feb 2013 09:08:35 -0500
Message-ID: <1F94BBCDF9E6E7438147ABA3C338441A01594CEA16@MX32A.corp.emc.com>
References: <9A043F3CF02CD34C8E74AC1594475C733340DA1B@uxcn10-2.UoA.auckland.ac.nz> <1361195591.51223247ad553@mail.inbox.lv>
In-Reply-To: <1361195591.51223247ad553@mail.inbox.lv>
Subject: Re: [pkix] purpose of LDAP in PKI
List-Id: PKIX Working Group <pkix.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>

>Quoting Peter Gutmann <pgut001@cs.auckland.ac.nz>:
>>Andris Berzins <pkix@inbox.lv> writes:

>>>What could be the reason why end user certificates should be stored in LDAP
>>>by the CA and made publicly available?

>>There isn't one. It's (ancient) historical baggage based on X.509's origins
>>in X.500, and some of the people writing the standards haven't realised yet
>>that HTTP won.


>When I apply for ID-card having authentication and qualified signature certificate on it,
>I have to checkbox whether I want my certificates to be published in LDAP.
>I get no clear answer how could I benefit from my certificates being published.

In enterprise or other private PKI deployments publishing certificates to LDAP stores can be very useful for applications such as S/MIME where a sender's mail client can fetch a recipient's certificate from a centralized LDAP directory service. Basically, exposing your certificate via LDAP makes it *much* easier for other applications to actually use your certificate.

The benefits of publishing your certificate publicly (i.e. over Internet accessible LDAP directory store) are less clear to me.


>>Peter.
_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix
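Walter's S/MIME use case, as an added example that is not part of the thread and not taken from any PKIX document: a Go program modelling what the sender's mail client has to do with what the directory hands back. The LDAP query itself is replaced by a constructed in-memory DirectoryEntry standing in for a search such as (&(objectClass=inetOrgPerson)(mail=alice@example.com)) with userCertificate;binary requested; the CA, names and addresses are invented, and BuildFixture exists only to produce that test data. What it shows that the paragraph does not: the directory is a lookup service, not a trust anchor, so every value it returns is parsed, chained to a trusted root with the emailProtection EKU, checked for an encryption-capable key usage, and matched against the recipient address in its own SAN before it is used. The constructed entry deliberately lists a TLS server certificate from the same CA ahead of the real S/MIME one.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// DirectoryEntry stands in for the result of an LDAP search like
// (&(objectClass=inetOrgPerson)(mail=alice@example.com)) with the
// userCertificate;binary attribute requested: one DER blob per value.
// It is built in memory here so the example runs without a directory.
type DirectoryEntry struct {
	Mail  string
	Certs [][]byte
}

// SelectEncryptionCert returns the first value in entry that a sender may use
// to encrypt S/MIME mail to addr. Each value is untrusted input until it
// parses, chains to a trusted root with the emailProtection EKU, carries a key
// usage that fits its key type, and names addr in its SAN. The mail attribute
// the directory matched on is unsigned and deliberately not consulted.
func SelectEncryptionCert(entry DirectoryEntry, addr string, roots *x509.CertPool, now time.Time) (*x509.Certificate, error) {
	err := errors.New("entry has no userCertificate values")
	for i, der := range entry.Certs {
		c, perr := x509.ParseCertificate(der)
		if perr != nil {
			err = fmt.Errorf("value %d: %w", i, perr)
			continue
		}
		opts := x509.VerifyOptions{Roots: roots, CurrentTime: now,
			KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
		if _, verr := c.Verify(opts); verr != nil {
			err = fmt.Errorf("value %d: %w", i, verr)
			continue
		}
		// RSA recipients get the content key wrapped under their public key
		// (keyEncipherment); EC recipients derive it by ECDH (keyAgreement).
		want := x509.KeyUsageKeyAgreement
		if _, isRSA := c.PublicKey.(*rsa.PublicKey); isRSA {
			want = x509.KeyUsageKeyEncipherment
		}
		if c.KeyUsage&want == 0 {
			err = fmt.Errorf("value %d: key usage does not permit encryption", i)
			continue
		}
		if !hasEmail(c, addr) {
			err = fmt.Errorf("value %d: SAN does not name %s", i, addr)
			continue
		}
		return c, nil
	}
	return nil, err
}

// hasEmail reports whether addr appears as an rfc822Name in the SAN.
func hasEmail(c *x509.Certificate, addr string) bool {
	for _, e := range c.EmailAddresses {
		if strings.EqualFold(e, addr) {
			return true
		}
	}
	return false
}

// BuildFixture makes a throwaway CA and a directory entry for alice holding a
// TLS server certificate (to be rejected) followed by a proper S/MIME one.
// The CA, names and addresses are invented for this example.
func BuildFixture(now time.Time) (*x509.CertPool, DirectoryEntry) {
	tmpl := func(serial int64, cn string) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	}
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	caTmpl := tmpl(1, "Example Corp Root")
	caTmpl.IsCA, caTmpl.BasicConstraintsValid, caTmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	wrong := tmpl(2, "mail.example.com") // right CA, wrong purpose: a TLS server cert
	wrong.KeyUsage, wrong.DNSNames = x509.KeyUsageKeyEncipherment, []string{"mail.example.com"}
	wrong.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	good := tmpl(3, "Alice Example") // the certificate a sender should pick
	good.KeyUsage, good.EmailAddresses = x509.KeyUsageKeyEncipherment, []string{"alice@example.com"}
	good.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
	var certs [][]byte
	for _, t := range []*x509.Certificate{wrong, good} {
		k, _ := rsa.GenerateKey(rand.Reader, 2048)
		der, err := x509.CreateCertificate(rand.Reader, t, ca, &k.PublicKey, caKey)
		if err != nil {
			panic(err)
		}
		certs = append(certs, der)
	}
	return roots, DirectoryEntry{Mail: "alice@example.com", Certs: certs}
}
```

In a real client the DirectoryEntry would be filled from an LDAP library's search result, and nothing in the selection logic changes. The mail attribute returned next to the certificate is whatever the directory administrator put there, so the address used for the SAN match is the one the sender typed, never the one the directory returned.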