Deficiencies in LDAP when used to support a Public Key Infrastructure

Chadwick, David W. (2003) Deficiencies in LDAP when used to support a Public Key Infrastructure. Communications of the ACM, 46 (3). pp. 99-104. ISSN 0001-0782. (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided)

The full text of this publication is not available from this repository. (Contact us about this Publication)
Official URL


The lightweight directory access protocol (LDAP) is the Internet standard way of accessing directory services that conform to the X.500 data model. It is very widely supported by all the leading software vendors, and is part of Windows 2000 Active Directory. LDAP comes in two versions: * LDAPv2 - the original lightweight variation of the X.500 Directory Access Protocol (DAP), and * LDAPv3 [10] - the heavyweight version. Whilst the DAP was designed from its inception to support public key infrastructures (PKIs), being part of the same X.500 family of standards as X.509, LDAP was not. LDAP has however become the predominant protocol in support of PKIs accessing directory services for certificates and certificate revocation lists (CRLs), but because of its lineage, it has some deficiencies. This paper describes the deficiencies in both the LDAPv2 and v3 protocols, along with the solutions that have been and are being standardised within the IETF to rectify them. The deficiencies are documented firstly for a centralised directory service, in which a single standalone LDAP server is used to support a single PKI, and secondly for a distributed directory service, in which there are many LDAP servers that need to co-operate in order to support a network of interconnected PKIs.

Item Type: Article
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:01
Last Modified: 20 May 2011 23:35
Resource URI: (The current URI for this page, for reference purposes)
  • Depositors only (login required):


Downloads per month over past year