Re: [pkix] purpose of LDAP in PKI

Denis Pinkas <denis.pinkas@bull.net> Mon, 18 February 2013 14:00 UTC

Message-ID: <512233EC.4060807@bull.net>
Date: Mon, 18 Feb 2013 15:00:12 +0100
From: Denis Pinkas <denis.pinkas@bull.net>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
To: pkix@ietf.org
References: <9A043F3CF02CD34C8E74AC1594475C733340DA1B@uxcn10-2.UoA.auckland.ac.nz> <1361195591.51223247ad553@mail.inbox.lv>
In-Reply-To: <1361195591.51223247ad553@mail.inbox.lv>

Andris,

Making certificates publicly available may only be done with the 
agreement of the end-user.

There are no benefits for certificates being used for authentication or 
non-repudiation, but only inconveniences, in particular: lack of privacy, 
and the ability to know how many customers the CA has.

Denis

>
> Quoting Peter Gutmann <pgut001@cs.auckland.ac.nz>:
>
>     Andris Berzins <pkix@inbox.lv> writes:
>
>     >What could be the reason why end user certificates should be stored in LDAP
>     >by the CA and made publicly available?
>
>     There isn't one. It's (ancient) historical baggage based on X.509's origins
>     in X.500, and some of the people writing the standards haven't realised yet
>     that HTTP won.
>
> When I apply for an ID-card having an authentication and a qualified 
> signature certificate on it, I have to check a box whether I want my 
> certificates to be published in LDAP. I get no clear answer as to how I 
> could benefit from my certificates being published.
>
>     Peter.
>     _______________________________________________
>     pkix mailing list
>     pkix@ietf.org
>     https://www.ietf.org/mailman/listinfo/pkix