Re: Certificate server should or shouldn't

From: terry (tteppo@scfaz.com)
Date: 12/19/02


From: "terry" <tteppo@scfaz.com>
Date: Thu, 19 Dec 2002 10:30:32 -0800


>-----Original Message-----
>
>terry wrote
>
>> with both ad and external web pages for publication?
>
>Sure. There's nothing that says CRLs have to be in AD.
>Do you wish your external community to be able to browse
>for encryption purposes ?

yes, that is the problem. they (external clients) have
to be able to send me encrypted email and data. thus,
they need a way of verifying and receiving the public
key. i thought that signatures would do this but i
realize that they need to communicate with the directory
upon receiving the sig. i was trying/hoping to find a
way of doing that without the directory like http etc.
after reading more i am thinking that it might not be the
right thing to do.

i suppose i could create a chopped-up instance of the
directory on the internet. with just the information
needed. and bogus information in other areas. and then
replicate changed information routinely. seems like work
to me though but whatever it takes.

> If not then AD access isn't necessary
>at all although you'll have to make sure that your correspondents
>are sent all of the certificates in the trust chain so that trust
>can be built locally on the client.
>

the whole cert/line hmmmmm. i see said the blind man.

thank you chris

ps does what i said above about chopping up directory
make sense or is it just the ramblings of a mad person.

>Chris
>
>
>.
>