Re: [pkix] purpose of LDAP in PKI
Ferda Topcan <ferda.topcan@tubitak.gov.tr> Mon, 18 February 2013 17:01 UTC
Return-Path: <ferda.topcan@tubitak.gov.tr>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4688621F8C3E for <pkix@ietfa.amsl.com>; Mon, 18 Feb 2013 09:01:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.173
X-Spam-Level: *
X-Spam-Status: No, score=1.173 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_TR=0.935, RCVD_BAD_ID=2.837]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zq+y3TrKuzGp for <pkix@ietfa.amsl.com>; Mon, 18 Feb 2013 09:01:03 -0800 (PST)
Received: from sg01.tubitak.gov.tr (mta.tubitak.gov.tr [193.140.13.205]) by ietfa.amsl.com (Postfix) with ESMTP id 330AC21F8C2D for <pkix@ietf.org>; Mon, 18 Feb 2013 09:01:02 -0800 (PST)
Received: (surgate 49709 invoked by uid 1001); 18 Feb 2013 17:00:55 -0000
Received: from unknown (HELO mta01.tubitak.gov.tr) (193.140.13.215) by 0 with SMTP; 18 Feb 2013 16:58:37 -0000
Received: from localhost (localhost [127.0.0.1])by mta01.tubitak.gov.tr (Postfix) with ESMTP id BF5A31E2FB7; Mon, 18 Feb 2013 17:02:45 +0200 (EET)
X-Virus-Scanned: amavisd-new at mta01.tubitak.gov.tr
Received: from mta01.tubitak.gov.tr ([127.0.0.1])by localhost (mta01.tubitak.gov.tr [127.0.0.1]) (amavisd-new, port 10024)with ESMTP id qgHOl_qN9cww; Mon, 18 Feb 2013 17:02:44 +0200 (EET)
Received: by mta01.tubitak.gov.tr (Postfix, from userid 89)id 4C2FE1E2F08; Mon, 18 Feb 2013 16:57:44 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])by mta01.tubitak.gov.tr (Postfix) with ESMTP id C78F81E340E; Mon, 18 Feb 2013 16:50:00 +0200 (EET)
X-Virus-Scanned: amavisd-new at mta01.tubitak.gov.tr
Received: from mta01.tubitak.gov.tr ([127.0.0.1])by localhost (mta01.tubitak.gov.tr [127.0.0.1]) (amavisd-new, port 10026)with ESMTP id yXtO0xR9gRvi; Mon, 18 Feb 2013 16:49:59 +0200 (EET)
Received: from mail02.tubitak.gov.tr (mail02.tubitak.gov.tr [10.250.10.220])by mta01.tubitak.gov.tr (Postfix) with ESMTP id B8AD61E350C; Mon, 18 Feb 2013 16:46:25 +0200 (EET)
From: Ferda Topcan <ferda.topcan@tubitak.gov.tr>
To: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>, pkix@ietf.org
References: <9A043F3CF02CD34C8E74AC1594475C733340DAA7@uxcn10-2.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C733340DAA7@uxcn10-2.UoA.auckland.ac.nz>
Date: Mon, 18 Feb 2013 16:46:25 +0200
Message-ID: <24ed668b.00000dc8.0000000c@UEKAE-PC>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-Mailer: Zimbra 8.0.0_GA_5434 (ZimbraConnectorForOutlook/7.1.4.6356)
Thread-Index: Bd0cS1MKQAbF+8qJcIPU2MdLzU+3Ag==
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17609
X-Originating-IP: [10.250.10.218]
Thread-Topic: purpose of LDAP in PKI
X-SMTP-Filter: SurGATE SMTP Filter EngineRelease 4.0 ($Revision: 523 $)
X-SurGATE-Result: Clean (Content eval: -10.00 points)
X-SurGATE-Reason:
Subject: Re: [pkix] purpose of LDAP in PKI
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Feb 2013 17:01:05 -0000
Actually we do not need to publish signer certificate publicly. Because signer certificate can be obtained from signature package as defined in PKCS#7. But in case of mobile signature signer certificate needs to be published. Because signer certificate is not available in SIM card. And signature creation application needs the signer certificate before signing process to construct the ESS-Signing-Certificate attribute. Ferda TOPCAN ................................................................ <http://www.tubitak.gov.tr/> Disclaimer <http://www.tubitak.gov.tr/disclaimer> -----Original Message----- From: pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] On Behalf Of Peter Gutmann Sent: Monday, February 18, 2013 4:26 PM To: pkix@ietf.org Subject: Re: [pkix] purpose of LDAP in PKI "Goulet, Walter" <Walter.Goulet@rsa.com> writes: >Basically, exposing your certificate via LDAP makes it *much* easier for >other applications to actually use your certificate. This should really be: Basically, exposing your certificate makes it *much* easier for other applications to actually use your certificate. The built-in assumption in the original statement that LDAP is the only way to do this is at best incorrect, at worst dangerous (it implies that you need to LDAP-enable an application, configure and run an LDAP server, and get things to talk LDAP to each other, which can be enough to sink a PKI project). Peter. _______________________________________________ pkix mailing list pkix@ietf.org https://www.ietf.org/mailman/listinfo/pkix
- Re: [pkix] purpose of LDAP in PKI Peter Gutmann
- [pkix] purpose of LDAP in PKI Andris Berzins
- [pkix] purpose of LDAP in PKI Peter Gutmann
- Re: [pkix] purpose of LDAP in PKI Andris Berzins
- Re: [pkix] purpose of LDAP in PKI Denis Pinkas
- Re: [pkix] purpose of LDAP in PKI Bilal Ashraf
- Re: [pkix] purpose of LDAP in PKI Goulet, Walter
- Re: [pkix] purpose of LDAP in PKI Joel Kazin
- Re: [pkix] purpose of LDAP in PKI Peter Gutmann
- Re: [pkix] purpose of LDAP in PKI Erik Andersen
- Re: [pkix] purpose of LDAP in PKI Ferda Topcan
- Re: [pkix] purpose of LDAP in PKI Michael StJohns
- Re: [pkix] purpose of LDAP in PKI Piyush Jain
- Re: [pkix] purpose of LDAP in PKI Peter Gutmann
- Re: [pkix] purpose of LDAP in PKI Kemp, David P.
- Re: [pkix] purpose of LDAP in PKI Paul Hoffman
- Re: [pkix] purpose of LDAP in PKI Piyush Jain
- Re: [pkix] purpose of LDAP in PKI Peter Gutmann
- Re: [pkix] purpose of LDAP in PKI Sean Leonard
- Re: [pkix] purpose of LDAP in PKI Phillip Hallam-Baker
- Re: [pkix] purpose of LDAP in PKI Peter Gutmann
- Re: [pkix] purpose of LDAP in PKI Phillip Hallam-Baker
- Re: [pkix] purpose of LDAP in PKI Peter Gutmann
- Re: [pkix] purpose of LDAP in PKI Michael StJohns
- Re: [pkix] purpose of LDAP in PKI Miller, Timothy J.
- Re: [pkix] purpose of LDAP in PKI Kemp, David P.