On Aug 28, 2013, at 11:18 AM, Dave Horsfall <d...@horsfall.org> wrote:

> On Wed, 28 Aug 2013, Perry E. Metzger wrote:
>> Anyway, I've already started implementing my proposed solution to that 
>> part of the problem. There is still a need for a distributed database to 
>> handle the lookup load, though, and one that is not the DNS.
> (Delurking)
> This suggests the use of LDAP.

I don't see that at all. In fact I think that nothing has hurt deployment of
PKI more than LDAP.

The problem for the email client is very simple:

"What is the key etc. to send email to al...@example.com"

I can solve that very easily with an HTTP lookup or a very short Web Service
with JSON query syntax. If LDAP is involved there will be a consultant setting 
up the directory and building fancy DIT trees and racking up bills of $100,000+ 
for something that makes no difference to the actual query.

Now if the certs are already in an LDAP directory then fine, let's pull data
from that resource. But if they are not in LDAP already there are much easier 
ways to interface a database of certs to a query interface.

The cryptography mailing list