Re: [ldapext] New Version Notification for draft-seantek-ldap-pkcs9-04.txt

Sean Leonard <dev+ietf@seantek.com> Wed, 16 March 2016 14:12 UTC

To: Simo Sorce <simo@redhat.com>, Barry Leiba <barryleiba@computer.org>
References: <20160312172032.21235.1985.idtracker@ietfa.amsl.com> <56E45093.1090104@seantek.com> <CAC4RtVCPXuYndv_D5EA2XWaC2t4EBC0rg0CXKRPXBkiO1ceY0A@mail.gmail.com> <1458135247.26218.36.camel@redhat.com>
From: Sean Leonard <dev+ietf@seantek.com>
Message-ID: <56E96A24.3000701@seantek.com>
Date: Wed, 16 Mar 2016 07:13:56 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ldapext/GTI7W7_Vd-oTN9BtEJDHmbgzmKc>
Cc: ldapext <ldapext@ietf.org>
Subject: Re: [ldapext] New Version Notification for draft-seantek-ldap-pkcs9-04.txt

On 3/16/2016 6:34 AM, Simo Sorce wrote:
> On Tue, 2016-03-15 at 19:11 +0000, Barry Leiba wrote:
>> Yes, I had thought this might wait for a resurrection of an ldapext
>> working group, but that seems to have stalled.  I'm happy to
>> AD-sponsor this to get the registration done, but I'd like some review
>> and comment from the LDAP folks, and this is the place for that.  Will
>> some of you please take a look at Sean's draft and comment?
> I haven't done a proper full review, but I thought aliases were frowned
> upon these days and I see quite a few one (few) char aliases in there,
> why do we need such aliases?

This draft documents the existing practice of security implementations, 
including MS CryptoAPI and OpenSSL. This should be evaluated through the 
lens of "backwards or long-term systems compatibility", not the lens of 
"these days" (in the LDAP community).

PKIX enabled systems (read: OpenSSL) use LDAP strings (RFC 4514) to 
serialize and de-serialize the Distinguished Names in certificates. 
Parity is required and the only registry is the LDAP Parameters / Object 
Identifier Descriptors registry. These strings have migrated to 
cross-systems protocols. See, e.g., 
draft-martin-authentication-results-tls. Using "e" for emailAddress = 
1.2.840.113549.1.9.1, for example, is simply an historical fact. This 
reminds me, I should probably include a note about "gn" (givenName) in a 
future draft.

Best regards,

Sean

>
> Simo.
>
>> Thanks,
>> Barry, ART AD for another few weeks
>>
>> On Sat, Mar 12, 2016 at 5:23 PM, Sean Leonard <dev+ietf@seantek.com> wrote:
>>> This is a friendly reminder that the LDAP PKCS #9 registration
>>> Internet-Draft is still a live issue.
>>>
>>> Sean
>>>
>>> -------- Forwarded Message --------
>>> Subject:        New Version Notification for draft-seantek-ldap-pkcs9-04.txt
>>> Date:   Sat, 12 Mar 2016 09:20:32 -0800
>>> From:   internet-drafts@ietf.org
>>>
>>>
>>>
>>> A new version of I-D, draft-seantek-ldap-pkcs9-04.txt
>>> has been successfully submitted by Sean Leonard and posted to the
>>> IETF repository.
>>>
>>> Name:           draft-seantek-ldap-pkcs9
>>> Revision:       04
>>> Title:          Lightweight Directory Access Protocol (LDAP) Registrations
>>> for PKCS #9
>>> Document date:  2016-03-12
>>> Group:          Individual Submission
>>> Pages:          7
>>> URL:
>>> https://www.ietf.org/internet-drafts/draft-seantek-ldap-pkcs9-04.txt
>>> Status:         https://datatracker.ietf.org/doc/draft-seantek-ldap-pkcs9/
>>> Htmlized:       https://tools.ietf.org/html/draft-seantek-ldap-pkcs9-04
>>> Diff:
>>> https://www.ietf.org/rfcdiff?url2=draft-seantek-ldap-pkcs9-04
>>>
>>> Abstract:
>>>     PKCS #9 includes several useful definitions that are not yet
>>>     reflected in the LDAP IANA registry. This document adds those
>>>     definitions to the IANA registry.
>>>
>>> _______________________________________________
>>> Ldapext mailing list
>>> Ldapext@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ldapext
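The alias issue discussed in this thread, as an added example that is not from the draft or from any of the posters: a small RFC 4514 DN normalizer that maps attribute type descriptors, including the PKCS #9 emailAddress/e pair from the draft and givenName/gn, to their OIDs before comparing, so a certificate-matching or access-control check written with one spelling still matches a DN serialized with another. The descriptor table, the function names and the choice to reject unknown descriptors are my assumptions; attribute value matching rules (case folding) are deliberately not applied.

```python
"""Normalize RFC 4514 DN strings so attribute type aliases compare equal."""
import re

# Descriptor -> OID. emailAddress/e is the PKCS #9 pair from the draft;
# cn and givenName/gn are well-known X.520 types. Table is an assumption
# for this example and is not the draft's registry text.
DESCRIPTOR_TO_OID = {
    "cn": "2.5.4.3", "commonname": "2.5.4.3",
    "gn": "2.5.4.42", "givenname": "2.5.4.42",
    "e": "1.2.840.113549.1.9.1", "emailaddress": "1.2.840.113549.1.9.1",
}
NUMERIC_OID = re.compile(r"^\d+(\.\d+)+$")
HEXPAIR = re.compile(r"^[0-9A-Fa-f]{2}$")


def split_unescaped(s, sep):
    """Split s on sep while honouring RFC 4514 backslash escapes."""
    parts, buf, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # keep escape pair intact
            buf.append(s[i:i + 2]); i += 2; continue
        if s[i] == sep:
            parts.append("".join(buf)); buf = []
        else:
            buf.append(s[i])
        i += 1
    parts.append("".join(buf))
    return parts


def unescape(v):
    """Decode \\XX hex pairs and \\c escapes in an attribute value."""
    out, i = bytearray(), 0
    while i < len(v):
        if v[i] == "\\" and i + 1 < len(v):
            pair = v[i + 1:i + 3]
            if HEXPAIR.match(pair):            # \2C -> one raw byte
                out += bytes.fromhex(pair); i += 3; continue
            out += v[i + 1].encode("utf-8"); i += 2; continue
        out += v[i].encode("utf-8"); i += 1
    return out.decode("utf-8")


def normalize_dn(dn):
    """Return the DN as a tuple of RDNs; each RDN is a frozenset of (OID, value)."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = set()
        for ava in split_unescaped(rdn, "+"):
            typ, _, val = ava.partition("=")
            typ = typ.strip().lower()
            oid = typ if NUMERIC_OID.match(typ) else DESCRIPTOR_TO_OID.get(typ)
            if oid is None:                    # unregistered alias: refuse to guess
                raise ValueError(f"unknown attribute type descriptor: {typ!r}")
            avas.add((oid, unescape(val.strip())))
        rdns.append(frozenset(avas))
    return tuple(rdns)


def same_dn(a, b):
    """True if two DN strings denote the same DN after alias/OID normalization."""
    return normalize_dn(a) == normalize_dn(b)
```

Without the OID mapping, "E=" and "emailAddress=" forms of the same DN compare unequal, which is the interoperability gap the draft's registrations are meant to close.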