Massimiliano Pala wrote:
>
> Michael Bell wrote:
> > 1. How do you want to store the status in the LDAP-server (it's not the
> > standard server where we publish the certs).
>
> We could use the server where we publish certificates requiring the LDAP
> manager to include an objectclass that will include the status: attribute,

This is quite dangerous. What do you want to do if you revoke a never
published certificate? Do you want to publish it after the revocation?
What do you want to do if one LDAP-node owns several certificates
(userCertificate can contain more than a single certificate)? LDAP knows
no order for binary attributes.

> > 2. SQL requires several different DB-drivers so we have to find a way
> > like perl's DBI.
>
> We could use "Embedded SQL" to include query into C source code, it is quite
> easy, indeed.

No, it's not. If we use Perl the user can download a module from cpan.org
and install it. If we use Embedded SQL then the user must support us with
a driver and some header files in the right place and that's a problem - I
know how long you can search if something goes wrong with such a driver.

Do you know the transport protocol of OCSP (I read RFC 2560 and I think we
could use HTTP)? Must we create a daemon or could we use a server like
Apache? What is with the code from OpenSSL (openssl ocsp ...)?

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email: [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax: +49 (0)30-2093 2959
10099 Berlin
Germany                        [OpenCA Core Developer]
                               http://openca.sourceforge.net

_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
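
On the transport question in the message above: RFC 2560, Appendix A.1 defines OCSP over HTTP, using either GET or POST. The sketch below is an added example, not code from OpenCA, OpenSSL or this thread; it hand-encodes an unsigned one-certificate OCSPRequest and frames it both ways. The issuer bytes, the serial number and the `ocsp.example.test` URL are constructed values.

```python
import base64
import hashlib
from urllib.parse import quote, unquote

OCSP_REQUEST_TYPE = "application/ocsp-request"    # RFC 2560, A.1.1 (POST body)
OCSP_RESPONSE_TYPE = "application/ocsp-response"  # RFC 2560, A.1.2 (reply body)
SHA1_ALGID = bytes.fromhex("300906052b0e03021a0500")  # AlgorithmIdentifier: sha1, NULL

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def der_int(value: int) -> bytes:
    """Non-negative INTEGER; the byte count keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ocsp_request(issuer_name_der: bytes, issuer_key: bytes, serial: int) -> bytes:
    """Unsigned OCSPRequest: one CertID, default version, no extensions."""
    cert_id = der(0x30, SHA1_ALGID
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())  # issuerNameHash
                  + der(0x04, hashlib.sha1(issuer_key).digest())       # issuerKeyHash
                  + der_int(serial))                                   # serialNumber
    request_list = der(0x30, der(0x30, cert_id))  # SEQUENCE OF Request { reqCert }
    return der(0x30, der(0x30, request_list))     # OCSPRequest { TBSRequest }

def as_post(url: str, req: bytes):
    """POST form: the DER request is the body, typed with the OCSP media type."""
    headers = {"Content-Type": OCSP_REQUEST_TYPE, "Content-Length": str(len(req))}
    return "POST", url, headers, req

def as_get(url: str, req: bytes):
    """GET form: {url}/{url-encoding of base-64 encoding of the DER request}."""
    return "GET", url.rstrip("/") + "/" + quote(base64.b64encode(req), safe=""), {}, b""

def decode_get_path(path: str) -> bytes:
    """Responder side: recover the DER request from the last path segment."""
    return base64.b64decode(unquote(path.rsplit("/", 1)[-1]), validate=True)

# Constructed sample values, not taken from any real CA.
REQ = ocsp_request(b"constructed issuer name", b"constructed issuer key", 0x1F4)
if __name__ == "__main__":
    print(as_get("http://ocsp.example.test", REQ)[1])
```

Because the request names the certificate by issuer hashes and serial number, a responder answers per serial and does not depend on which LDAP entry, if any, holds the certificate.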