On Aug 28, 2013, at 11:18 AM, Dave Horsfall <d...@horsfall.org> wrote:
> On Wed, 28 Aug 2013, Perry E. Metzger wrote:
>
>> Anyway, I've already started implementing my proposed solution to that
>> part of the problem. There is still a need for a distributed database to
>> handle the lookup load, though, and one that is not the DNS.
>
> (Delurking)
>
> This suggests the use of LDAP.

I don't see that at all. In fact I think that nothing has hurt deployment of PKI more than LDAP.

The problem for the email client is very simple: "What is the key etc. to send email to al...@example.com"

I can solve that very easily with an HTTP lookup or a very short Web Service with JSON query syntax.

If LDAP is involved there will be a consultant setting up the directory and building fancy DIT trees and racking up bills of $100,000+ for something that makes no difference to the actual query.

Now if the certs are already in an LDAP directory then fine, let's pull data from that resource. But if they are not in LDAP already there are much easier ways to interface a database of certs to a query interface.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
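
A sketch of the kind of HTTP lookup with a JSON query that the message above describes, added here as an illustration and not code from the post or the list. The field names (`address`, `key`, `sha256`), the in-memory store, the 4096-byte request cap and the port are all assumptions, and the stored key is constructed placeholder data.

```python
import hashlib
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample store: address -> key blob (placeholder, not a real key).
KEY_DB = {
    "alice@example.com": "-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-SAMPLE\n-----END PUBLIC KEY-----",
}

def normalize(address):
    """Lower-case the domain only; reject anything that is not local@domain."""
    if not isinstance(address, str) or address.count("@") != 1:
        raise ValueError("malformed address")
    address = address.strip()
    local, domain = address.split("@")
    if not local or not domain or any(c.isspace() for c in address):
        raise ValueError("malformed address")
    return f"{local}@{domain.lower()}"

def handle_query(body):
    """Return (http_status, json_text) for one lookup request body."""
    try:
        query = json.loads(body)
        address = normalize(query["address"])
    except (ValueError, KeyError, TypeError):
        return 400, json.dumps({"error": "bad request"})
    key = KEY_DB.get(address)
    if key is None:
        return 404, json.dumps({"error": "no key on record"})
    # The digest lets a client compare against a fingerprint obtained out of band.
    digest = hashlib.sha256(key.encode()).hexdigest()
    return 200, json.dumps({"address": address, "key": key, "sha256": digest})

class LookupHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        raw = self.headers.get("Content-Length", "0")
        # Cap the request size; treat a missing or non-numeric length as empty.
        length = min(int(raw), 4096) if raw.isascii() and raw.isdigit() else 0
        status, text = handle_query(self.rfile.read(length))
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(text.encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), LookupHandler).serve_forever()
```

The lookup only answers "which key is on record for this address"; whether the client should trust that answer still depends on how the response and the key are authenticated.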