I know that X.509 has a life outside directories and that X.509 in some places makes unnecessary references to Directory. Directory is not a fantasy. There many thousands or maybe millions of Microsoft Active Directories spinning every day. A lot of other LDAP systems are out there. All Identity Management System have a directory, mostly LDAP, as a major component. X.500 is also very much alive and kicking. Erik Andersen Andersen's L-Service Elsevej 48, DK-3500 Vaerloese Denmark Mobile: +45 2097 1490 e-amail: era@xxxxxxx Skype: andersen-erik http://www.x500.eu/ http://www.x500standard.com/ http://dk.linkedin.com/in/andersenerik -----Oprindelig meddelelse----- Fra: pkix-bounces@xxxxxxxx [mailto:pkix-bounces@xxxxxxxx] På vegne af Peter Gutmann Sendt: 8. juli 2011 06:34 Til: David.Wilson@xxxxxxxxx; x500standard@xxxxxxxxxxxxx Cc: pkix@xxxxxxxx; t09sg17q11@xxxxxxxxxxxxx Emne: Re: [pkix] [x500standard] SV: [Spam] Re: DER encoding of certificates David Wilson <David.Wilson@xxxxxxxxx> writes: >This is already specified in X.509 (end of section 6): > >"When checking signatures in received data, [the Directory] shall check the >signature against the actual data received rather than its conversion of the >received data to a distinguished encoding." Just to be pedantic, I guess I should point out that since X.509 seems to be written in terms of some fantasy entity called The Directory, it doesn't apply to anything that actually exists. Applying a strict interpretation, nothing is actually bound by X.509 in this case. Peter. _______________________________________________ pkix mailing list pkix@xxxxxxxx https://www.ietf.org/mailman/listinfo/pkix ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.