Re:

Skip Slone <jpslone@tag.den.mmc.com> Wed, 09 June 1993 19:34 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa10437; 9 Jun 93 15:34 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa10429; 9 Jun 93 15:34 EDT
Received: from haig.cs.ucl.ac.uk by CNRI.Reston.VA.US id aa25888; 9 Jun 93 15:34 EDT
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.04218-0@haig.cs.ucl.ac.uk>; Wed, 9 Jun 1993 19:31:57 +0100
Received: from everest.den.mmc.com by bells.cs.ucl.ac.uk with Internet SMTP id <g.22981-0@bells.cs.ucl.ac.uk>; Wed, 9 Jun 1993 19:31:47 +0100
Received: from tag (tag.den.mmc.com) by everest.den.mmc.com (4.1/1.34.a) id AA16561; Wed, 9 Jun 93 12:31:37 MDT
Received: from [141.240.60.198] by tag (4.1/1.34.a) id AA09044; Wed, 9 Jun 93 12:32:12 MDT
Date: Wed, 9 Jun 93 12:32:11 MDT
Message-Id: <9306091832.AA09044@tag>
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Skip Slone <jpslone@tag.den.mmc.com>
Reply-To: Skip Slone <jpslone@mmc.com>
To: osi-ds@cs.ucl.ac.uk
Subject: Re:

In message <9306091714.AA09007@tag>  writes:
> >From P.Furniss Wed Jun  9 16:56:13 BST 1993 remote from ulcc.ac.uk
> Subject: Problem with oid root used in RFC 1274
> To: S.Kille@isode.com (Steve Hardcastle-Kille)
> Date: Wed, 9 Jun 93 16:56:13 BST
>  
> 
> RFC 1274 (The COSINE and Internet X.500 Schema) defines Directory 
> objects and attributes which have the following object id root for their 
> identifications:
> 
>       {ccitt(0) data(9) pss(2342) ucl(19200300) pilot(100)}
> 
> However, it appears that this is not a valid object id, as annex C of
> ISO/IEC 8824:1990 identifies only four arcs below ccitt(0). CCITT (now
> ITU-TS) have not assigned any new arcs. (as far as I can make out)
>
> The OSI-tg interest is because some of the attributes cover transition 
> from the UK NRS scheme to Directory. The problem is whether the oid 
> root should be changed to a valid one, or we just carry on and don't 
> worry.
> 
> If we don't change, there is some risk that some (commercial)
> Directory implementation may include something that refuses to allow
> invalid oids, and which therefore could not accept or access entries

Unless I'm way off base in my understanding, OIDs are, by design, extensible.  
Anyone who has a legitimately assigned OID has the right and authority to assign
further OIDs using the first one as the base.  From this perspective, a 
conformant implementation is obligated to accept a syntactically correct OID as 
an OID whether it understands the semantics or not.

This is partially covered in the "Rules for extensibility" clauses in X.519 
(9594 part 5), where it says things like "...shall not consider the receipt of 
unknown attribute types and attribute values as a protocol violation..."  This 
text is in the 93 edition and the same concept was incorporated into 88 as 
defect report 052.  Loosely translated, this says "just because you don't 
recognize the OID identifying the attribute type (or the attribute value 
identifying the OID of the object class), you can't assume the OID is invalid."

What this means to me when I put on my "DUA developer" hat is an implementation 
that croaks when it encounters an unknown OID is simply non-conformant to the 
standard, end of discussion.  Further, an implementation that can handle unknown
OIDs, but that doesn't allow me to define new semantics for previously unknown 
OIDs may be conformant, but it's basically useless to me over the long haul.

> using the 1274 schema. Since the awkward implementation could claim to
> be a more accurate implementation of the CCITT/ISO standard, this
> might produce some strange arguments.  We would be propagating
> something that is nearly, but not quite osi.
> 
> There would obviously be some difficulty with a change-over to 
> synonymous valid oids. It will be extremely difficult unless Directory 
> implementations can handle synonyms - but I believe many can.
> 
> If the oid root is changed, it would be possible to make it appreciably 
> shorter - using an additional, IANA-assigned, arc from the same root as 
> SNMP uses would seem sensible.
> 
> What should be done ?
> 

For new work, people can do what makes the most sense knowing what we 
(collectively) know now, but for existing stuff, let's not rock the boat.  It's 
working.  It's legitimate.  Let's not "fix" it.

  -- Skip Slone