Re: certificates and CRLs - access and storage

Patrick C. Richard (patr@xcert.com)
Tue, 15 Oct 1996 17:04:02 -0700 (PDT)

> On Fri, 11 Oct 1996, Tim Dean wrote:
>
> > Date: Fri, 11 Oct 1996 16:21:28 +0000
> > From: Tim Dean <DEAN@hydra.dra.hmg.gb>
> > To: ietf-pkix@tandem.com, ldap@umich.edu
> > Subject: certificates and CRLs - access and storage
> >
> > Has anyone out there had experience in storing
> > X.509 certificates/certificate revocation lists on a slapd server? Are
> > there any pitfalls that we should know about? What are the problems with
> > using LDAP to retrieve certificates/CRLs?
>

The CA demo site at http://www.x509.com has always been using
LDAP/SSL-LDAP as the basis for its PKI.

We have solved the access issues by using SSL LDAP and incorporating
client authentication with the native ACL mechanisms in the Umich
implementation.

The beauty is that you can have a context-sensitive PKI (and for that
matter, object distribution) by basing the results of the LDAP query
on some portion of the connecting client DN, which is "guaranteed" by the
use of strong authentication.

Pat Richard
patr@x509.com

>
> >
> > Any helpful hints/pointers gratefully received!
> >
> > Tim Dean
> > DRA-Malvern
> > UK
> >
>
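
The context-sensitive lookup described in the reply above, as an added example that is not part of the original message and is not Xcert's or the Umich server's code. It assumes the client DN comes from a certificate the server has already verified, that the last two RDNs define the visible subtree, and that values match case-insensitively; all names and directory entries are constructed.

```python
# Added illustration: hypothetical helper names, constructed sample data.

def parse_dn(dn):
    """Split a DN string into [(attr, value), ...], honouring backslash escapes.
    Simplification: multi-valued RDNs ('+') and hex escapes are not handled."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False   # escaped char is data, never a separator
        elif ch == "\\":
            esc = True
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        parsed.append((attr.strip().lower(), value.strip().lower()))
    return parsed

def client_scope(client_dn, depth=2):
    """Subtree the client may read: the last `depth` RDNs of its certificate DN."""
    rdns = parse_dn(client_dn)
    if len(rdns) <= depth:
        raise ValueError("client DN too short to derive a scope")
    return rdns[-depth:]

def search(directory, client_dn, cert_verified):
    """Return the DNs visible to this client; empty unless client auth succeeded."""
    if not cert_verified:
        return []  # fail closed: an unverified DN is only a claim
    scope = client_scope(client_dn)
    # Compare parsed RDN components, not string suffixes, so an escaped comma
    # inside a value cannot imitate another organisation's suffix.
    return [dn for dn in directory if parse_dn(dn)[-len(scope):] == scope]

DIRECTORY = [  # constructed sample entries
    "cn=Alice, o=Acme, c=US",
    "cn=Acme CA CRL, o=Acme, c=US",
    "cn=Bob, o=Globex, c=US",
]
```

The component-wise comparison is the part to keep if this is adapted: a plain string or regex suffix match on the DN would treat `o=Evil\, o=Acme, c=US` as belonging to Acme.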