Re: [pkix] purpose of LDAP in PKI

Ferda Topcan <ferda.topcan@tubitak.gov.tr> Mon, 18 February 2013 17:01 UTC

From: Ferda Topcan <ferda.topcan@tubitak.gov.tr>
To: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>, pkix@ietf.org
References: <9A043F3CF02CD34C8E74AC1594475C733340DAA7@uxcn10-2.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C733340DAA7@uxcn10-2.UoA.auckland.ac.nz>
Date: Mon, 18 Feb 2013 16:46:25 +0200
Message-ID: <24ed668b.00000dc8.0000000c@UEKAE-PC>
Subject: Re: [pkix] purpose of LDAP in PKI

Actually, we do not need to publish the signer certificate publicly, because
the signer certificate can be obtained from the signature package as defined in
PKCS#7.

But in the case of mobile signature, the signer certificate needs to be
published, because the signer certificate is not available in the SIM card,
and the signature creation application needs the signer certificate before the
signing process to construct the ESS-Signing-Certificate attribute.

Ferda TOPCAN

-----Original Message-----
From: pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] On Behalf Of
Peter Gutmann
Sent: Monday, February 18, 2013 4:26 PM
To: pkix@ietf.org
Subject: Re: [pkix] purpose of LDAP in PKI

"Goulet, Walter" <Walter.Goulet@rsa.com> writes:

>Basically, exposing your certificate via LDAP makes it *much* easier for
>other applications to actually use your certificate.

This should really be:

  Basically, exposing your certificate makes it *much* easier for other
  applications to actually use your certificate.

The built-in assumption in the original statement that LDAP is the only way to
do this is at best incorrect, at worst dangerous (it implies that you need to
LDAP-enable an application, configure and run an LDAP server, and get things
to talk LDAP to each other, which can be enough to sink a PKI project).

Peter.
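
Added example, not part of the original message: why the signer certificate has to be in hand before signing, as the reply at the top describes. The ESS signing-certificate attribute (RFC 2634, or the v2 form in RFC 5035) carries a hash of the whole certificate and is itself a signed attribute, so the digest handed to the SIM for signing changes with the certificate. Assumptions: the certificate bytes are constructed placeholders, only the signing-certificate attribute is included (a real SignerInfo also carries content-type and message-digest), and SHA-256 is the signature digest.

```python
import hashlib

OID_SIGNING_CERT = "1.2.840.113549.1.9.16.2.12"     # id-aa-signingCertificate (RFC 2634)
OID_SIGNING_CERT_V2 = "1.2.840.113549.1.9.16.2.47"  # id-aa-signingCertificateV2 (RFC 5035)

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return der(0x06, bytes(body))

def signing_certificate_attr(cert_der: bytes, v2: bool = False) -> bytes:
    """Attribute { OID, SET { SigningCertificate { certs { ESSCertID { certHash } } } } }."""
    # certHash covers the entire DER certificate: SHA-1 in RFC 2634, SHA-256 by default in v2.
    # issuerSerial is OPTIONAL and omitted; in v2 the DEFAULT hashAlgorithm is omitted in DER.
    digest = (hashlib.sha256 if v2 else hashlib.sha1)(cert_der).digest()
    ess_cert_id = der(0x30, der(0x04, digest))
    signing_cert = der(0x30, der(0x30, ess_cert_id))
    oid = OID_SIGNING_CERT_V2 if v2 else OID_SIGNING_CERT
    return der(0x30, der_oid(oid) + der(0x31, signing_cert))

def to_be_signed_digest(signed_attrs: list) -> bytes:
    """SHA-256 (assumed digest) over the DER SET OF signed attributes, the input to the signature."""
    return hashlib.sha256(der(0x31, b"".join(sorted(signed_attrs)))).digest()

# Constructed stand-ins for two DER certificates issued for the same SIM key.
CERT_A = b"constructed-certificate-bytes-original"
CERT_B = b"constructed-certificate-bytes-renewed"

if __name__ == "__main__":
    for name, cert in (("A", CERT_A), ("B", CERT_B)):
        attr = signing_certificate_attr(cert)
        print(name, attr.hex(), to_be_signed_digest([attr]).hex())
```

The two placeholder certificates yield different to-be-signed digests even though the signing key is the same, which is why the application cannot defer fetching the certificate until after the SIM has signed.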