Re: [pkix] purpose of LDAP in PKI
Denis Pinkas <denis.pinkas@bull.net> Mon, 18 February 2013 14:00 UTC

Andris,

Making certificates publicly available may only be done with the agreement of the end-user.

There are no benefits for certificates being used for authentication or non-repudiation, but only inconveniences, in particular: lack of privacy, and the ability to know how many customers the CA has.

Denis

> Quoting Peter Gutmann <pgut001@cs.auckland.ac.nz>:
>
> > Andris Berzins <pkix@inbox.lv> writes:
> >
> > > What could be the reason why end user certificates should be stored in LDAP
> > > by the CA and made publicly available?
> >
> > There isn't one. It's (ancient) historical baggage based on X.509's origins
> > in X.500, and some of the people writing the standards haven't realised yet
> > that HTTP won.
>
> When I apply for an ID card having an authentication and a qualified signature
> certificate on it, I have to tick a checkbox saying whether I want my
> certificates to be published in LDAP.
> I get no clear answer as to how I could benefit from my certificates being
> published.
>
> > Peter.