X.509 and the Directory

Jaenson Mika (MJN@ausys.se)
Mon, 16 Sep 1996 11:07:19 +0100

I've been surfing the net for a wail without finding the info I require,
so I'll try this list to get some guidance. My apologies if it is not
the proper forum, but I'll try anyway.

What I'm interested in is ideas on storage and retrieval of X.509
certificates and CRLs in X.500 directories, both via DAP and LDAP. I've
been looking through some RFCs and ISO standard documents, and from what
I gather there are some problems with the currently defined standards:

- only possible to store 'un-signed' user and CA certificates, without
the CA-signature
- maximum size of a CRL is 32503 bytes, which is highly insufficient, at
least with v2 CRL:s
- no real standard for the actual content of the certificate, i.e. how
to compose a RDN from the subject, that is possible and natural to use
when searching a certificate in the directory.

Could someone please direct me to some papers on these issues or even
better explain to me the proposed usage of the X.500 directory in these
areas, including attribute/object id:s etc.

Mika Jaenson <mjn@ausys.se>
AU-System AB, Box 47612, S-117 94 Stockholm, Sweden
(Road map: http://www.ausys.se/ausystem/mapaus.gif)
Voice: +46-8-7267588 Fax: +46-8-193322