Re: [pkix] purpose of LDAP in PKI

Bilal Ashraf <bilal.ashraf@ascertia.com> Mon, 18 February 2013 14:06 UTC


One possible use case could be that others can use your certificate 
(from LDAP) for encryption, e.g. sending encrypted emails or encrypted 
documents to you.

The other possible use case could be SSL client authentication, where 
certificates are presented by the client and matched by applications 
against user certificates published in LDAP.

Regards,
Bilal.

On 2/18/2013 6:53 PM, Andris Berzins wrote:
>
>
>
> Quoting *Peter Gutmann <pgut001@cs.auckland.ac.nz>*:
>
>     Andris Berzins <pkix@inbox.lv> writes:
>
>     >What could be the reason why end user certificates should be stored in LDAP
>     >by the CA and made publicly available?
>
>     There isn't one. It's (ancient) historical baggage based on X.509's origins
>     in X.500, and some of the people writing the standards haven't realised yet
>     that HTTP won.
>
>
>
> When I apply for an ID card with an authentication and a qualified signature 
> certificate on it,
> I have to tick a checkbox for whether I want my certificates to be published in LDAP.
> I get no clear answer on how I could benefit from my certificates being 
> published.
>
>
>
>
>     Peter.
>     _______________________________________________
>     pkix mailing list
>     pkix@ietf.org
>     https://www.ietf.org/mailman/listinfo/pkix
>
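
The second use case in the reply above (matching a certificate presented during SSL client authentication against the user's published certificates) can be sketched as follows. This is an added example, not part of the original thread; the DNs, the LDIF export and the byte strings standing in for DER certificates are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
ALICE_CERT = b"\x30\x82" + b"constructed-alice-cert" * 3
BOB_CERT = b"\x30\x82" + b"constructed-bob-cert" * 3
ALICE_DN = "uid=alice,ou=people,dc=example,dc=org"
BOB_DN = "uid=bob,ou=people,dc=example,dc=org"

def _fold(line, width=40):
    """Fold a long LDIF line; continuation lines start with one space."""
    return "\n ".join(line[i:i + width] for i in range(0, len(line), width))

def _entry(dn, der):
    attr = "userCertificate;binary:: " + base64.b64encode(der).decode()
    return "dn: " + dn + "\n" + _fold(attr)

# Constructed directory export containing two published certificates.
SAMPLE_LDIF = _entry(ALICE_DN, ALICE_CERT) + "\n\n" + _entry(BOB_DN, BOB_CERT)

def parse_ldif(text):
    """Return {dn: [certificate bytes, ...]} from an LDIF export."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        if line.startswith("dn: "):
            dn = line[4:]
            entries[dn] = []
        elif line.startswith("userCertificate;binary:: ") and dn:
            entries[dn].append(base64.b64decode(line.split(":: ", 1)[1]))
    return entries

def match_presented_cert(presented_der, claimed_dn, directory):
    """True only if the presented certificate is byte-identical to one
    published under claimed_dn. This binds the certificate to a directory
    entry; it does not replace chain validation or revocation checking,
    which the TLS stack must still perform."""
    want = hashlib.sha256(presented_der).digest()
    return any(hmac.compare_digest(want, hashlib.sha256(c).digest())
               for c in directory.get(claimed_dn, []))
```
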