Defect report 074 for DUA abstrct syntax
"John H. Dale" <jdale@tango.cos.com> Wed, 06 January 1993 20:13 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa08677; 6 Jan 93 15:13 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa08673; 6 Jan 93 15:13 EST
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa21791; 6 Jan 93 15:14 EST
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.03969-0@haig.cs.ucl.ac.uk>; Wed, 6 Jan 1993 19:19:35 +0000
Received: from cos.com by bells.cs.ucl.ac.uk with Internet SMTP id <g.15452-0@bells.cs.ucl.ac.uk>; Wed, 6 Jan 1993 19:19:26 +0000
Received: from tango.cos.com by coincd4000.cos.com id SMTP-0012b4b3052015233; Wed, 6 Jan 93 14:17:39 -0500
Received: from twiddle.cos.com by tango.cos.com (4.1/SMI-4.1) id AA11150; Wed, 6 Jan 93 14:14:47 EST
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: "John H. Dale" <jdale@tango.cos.com>
Message-Id: <9301061914.AA11150@tango.cos.com>
Subject: Defect report 074 for DUA abstrct syntax
To: OIW DS SIG <dssig@ics.uci.edu>, osids <osi-ds@cs.ucl.ac.uk>
Date: Wed, 06 Jan 1993 14:13:58 -0500
X-Mailer: ELM [version 2.3 PL6]
This defect report would have a bearing on the draft ISP being submitted by the workshops. I supect that the proposed proposed solution, a change to the 1988 standard, would require changes to DUAs that would, in many cases, be non-trivial. Following is material extracted from the defect report, then some comments. Defect Report 9594/074 Source: Australia (SAA) Defect report concerning: X.519 and (9594-5) Qualifier: Omission References: 7.5 (see Tech. Corr. 3) Nature of Defect: Technical Corrigendum 3 specifies rules for DUAs and DSAs that allow these systems to interwork with later edition systems that use extended protocols. However, the only rules specified for DUAs concern unknown attribute types and values, and unknown errors. The 1992 extensions to X.500/9594 make it possible for a DUA to receive unknown elements in SETs, specifically matchedSubType in CompareResult, and incompleteEntry in EntryInformation. These may be returned to a 1988 DUA through the operation being processed by a 1992 DSA. Solution Proposed by the source: To a void a 1988 DUA treating these 'unexpected' additional protocol elements as protocol errors, we propose that the DUA support the same rules of extensibility as specified for DSAs in 7.5.2.2. Now my comments: The problem is real and cannot be ignored. However, I wonder if the solution proposed will be feasible to implement in all 1988 DUAs. The rules of extensibilty that have been made mandatory for 1988 DSAs require that all unknown tags be ignored. Essentially, if somebody sends you a PDU with a tag than is not in the ASN.1 defintions, you must ignore the ASN.1 element, rather than aborting the association, as was the case in the original 1988 standard. This will will probably require changes in the ASN.1 decoders, perhaps in the complilers. I'm not questioning the need for DSAs to work this way. But I'm wondering how likely it is that we will see such a change extended to the DUA and DUA toolkits before 1992 DSAs begin to be deployed. If it is feasible to make this modification to DUAs, then we should make the this changes to the standard as soon as possible. If it is not feasible, we should consider fixes that might be more feasible, e.g.: (a) preventing 1992 DSAs from sending out the new tags except when handling requests that can't come from a 1992 DSA, or (b) adding the specific tags which cause the problem to the 1988 syntax, but allowing 1988 DUAs to ignore the values. Alternative (a) appears to be the original intent of the developers of the 1992 edition of the standerd. Alternative (b) would require changes to the DUAs that might be much easier than the proposed solution. However, the proposed solution would put us in a much better position to accomodate the future evolution of the directory standard than would either of the alternatives mentioned. (I'm not so sure that (a) is feasible for matchedSubtype.) I suggest that those involved in developing DUAs and deploying DUAs speak up about impact or lack of impact on the deployment of the directory, to assist those making these decisions. (No, I'm not involved.) As for the ISP, it seems to me that this will make it wise to delay the DUA ISP (ADI11), since about the only things needed in the DUA ISP seem to be this and perhaps a bit on authentication. This has no impact on the 1988 DSA ISP. -- John H. Dale fax +1-703-846-8590 COS, 8260 Willow Oaks Corporate Dr., jdale@cos.com tel +1-703-205-2742 Suite 700, Fairfax, VA 22031
- Defect report 074 for DUA abstrct syntax John H. Dale