Re: PEM CRL registration for storage in X.500 databases
Mike Roe <Michael.Roe@cl.cam.ac.uk> Tue, 01 June 1993 18:20 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa10612; 1 Jun 93 14:20 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa10605; 1 Jun 93 14:20 EDT
Received: from TIS.COM by CNRI.Reston.VA.US id aa19050; 1 Jun 93 14:20 EDT
Received: by TIS.COM (4.1/SUN-5.64) id AA27084; Tue, 1 Jun 93 14:22:17 EDT
Received: from swan.cl.cam.ac.uk by TIS.COM (4.1/SUN-5.64) id AA27054; Tue, 1 Jun 93 14:22:05 EDT
Received: from smew.cl.cam.ac.uk (user mrr (rfc931)) by swan.cl.cam.ac.uk with SMTP (PP-6.5) to cl; Tue, 1 Jun 1993 19:19:56 +0100
To: Dan Nessett <nessett@ocfmail.ocf.llnl.gov>
Cc: pem-dev@tis.com, tcheung@llnl.gov, solo@bbn.com, Michael.Roe@cl.cam.ac.uk
Subject: Re: PEM CRL registration for storage in X.500 databases
In-Reply-To: Your message of Tue, 01 Jun 93 08:13:56 -0800. <9306011513.AA09620@ocfmail.ocf.llnl.gov>
Date: Tue, 01 Jun 1993 19:19:51 +0100
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Mike Roe <Michael.Roe@cl.cam.ac.uk>
Message-Id: <"swan.cl.cam.:064760:930601182002"@cl.cam.ac.uk>
X-Orig-Sender: pem-dev-relay@tis.com
> Below is a message from Peter Williams describing how UCL has registered
> PEM CRLs as an X.500 attribute syntax. I thought people on this list might
> want to know about it.

Yes, I was very interested to see it!

The original intention of the PASSWORD project was to register the PEM CRL as an official COSINE/Internet schema attribute, by going through the formal procedure for registering a new attribute laid down in RFC 1274. UCL were supposed to be doing this....

Anyway, to make sure it gets done by someone, I've just submitted a request for the new attributes & object classes through the official channel. If it turns out that someone else has already done this, I'll just get told I've submitted a duplicate request.

Mike

---- forwarded message

Delivery-Date: Tue, 1 Jun 1993 19:07:34 +0100
Received: from smew.cl.cam.ac.uk (user mrr (rfc931)) by swan.cl.cam.ac.uk with SMTP (PP-6.5) to cl; Tue, 1 Jun 1993 19:07:05 +0100
To: na-update@cs.ucl.ac.uk
cc: Michael.Roe@cl.cam.ac.uk
Subject: Attributes and object classes for Privacy Enhanced Mail
Date: Tue, 01 Jun 93 19:07:01 +0100
From: Mike Roe <Michael.Roe@cl.cam.ac.uk>
Message-ID: <"swan.cl.cam.:063110:930601180732"@cl.cam.ac.uk>

Dear Sir,

I would like to propose the following attributes and object classes for addition to the COSINE and Internet X.500 Schema described in RFC 1274. These new attributes and object classes are needed to support the Privacy Enhanced Mail protocol, which is defined in RFC 1422.

Yours sincerely,

Michael Roe
Cambridge University Computer Laboratory

*****************************************************************************

Object Class: Internet Certification Authority

Description: The Internet Certification Authority object class represents a Certification Authority which supports the certificate-based key distribution mechanism described in RFC 1422, ``Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management''.

ASN1OCMacro: internetCertficationAuthority OBJECT-CLASS
    SUBCLASS OF top
    MUST CONTAIN {
        caCertificate,
        internetCertificateRevocationList,
        internetAuthorityRevocationList }
    MAY CONTAIN {
        crossCertificatePair}

*****************************************************************************

Attribute Type: Internet Certificate Revocation List

Description: The Internet Certificate Revocation List attribute identifies user certificates which have been revoked and should be rejected as invalid.

OCMust: internetCertificationAuthority

OCMay:

ASN1ATMacro: internetCertificateRevocationList ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX
        internetCertificateListSyntax

*****************************************************************************

Attribute Type: Internet Authority Revocation List

Description: The Internet Authority Revocation List attribute identifies CA certificates which have been revoked and should be rejected as invalid.

OCMust: internetCertificationAuthority

OCMay:

ASN1ATMacro: internetCertificateRevocationList ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX
        internetCertificateListSyntax

*****************************************************************************

Attribute Syntax: Internet Certificate List Syntax

Description: The Internet Certificate List syntax is used to represent a signed and time-stamped list of certificate serial numbers. The 'issuer' field names the authority responsible for maintaining the list. The 'lastUpdate' field contains the time at which the list was issued. The 'nextUpdate' field contains the time at which the issuer expects to issue a revised list.

ASN1SyMacro: internetCertificateListSyntax ATTRIBUTE-SYNTAX
    CertificateRevocationList
    MATCHES FOR EQUALITY

CertificateRevocationList ::= SIGNED SEQUENCE{
    signature            AlgorithmIdentifier,
    issuer               Name,
    lastUpdate           UTCTime,
    nextUpdate           UTCTime,
    revokedCertificates  SEQUENCE OF CRLEntry OPTIONAL}

CRLEntry ::= SEQUENCE{
    userCertificate  SerialNumber,
    revocationDate   UTCTime}

*****************************************************************************

---- end forwarded message
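
The CertificateRevocationList syntax proposed in the message above, walked through in Python as an added example (not part of the original post or of any PEM implementation): it DER-decodes the SEQUENCE inside SIGNED, handles the OPTIONAL revokedCertificates field, and treats a list past its nextUpdate as stale. Assumptions: the signature is not verified here, UTCTime uses the YYMMDDHHMMSSZ form, and `sample_crl` builds a constructed list (issuer "Example CA", md2WithRSAEncryption OID, invented dates and serials).

```python
from datetime import datetime, timezone

def tlv(tag, body):  # DER encoder used only to build the constructed sample
    assert len(body) < 128  # short-form length is enough for the sample
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):  # returns (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):  # split a constructed element's contents into (tag, value) pairs
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out

def utctime(value):  # assumption: YYMMDDHHMMSSZ form
    return datetime.strptime(value.decode("ascii"), "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_crl(der):  # der = the SEQUENCE inside SIGNED; signature NOT verified
    (tag, body), = children(der)
    fields = children(body)
    if tag != 0x30 or [t for t, _ in fields[:4]] != [0x30, 0x30, 0x17, 0x17] or len(fields) > 5:
        raise ValueError("not a CertificateRevocationList")
    revoked = {}
    for _, entry in (children(fields[4][1]) if len(fields) == 5 else []):
        (_, serial), (_, when) = children(entry)  # CRLEntry: userCertificate, revocationDate
        revoked[int.from_bytes(serial, "big")] = utctime(when)
    return {"lastUpdate": utctime(fields[2][1]), "nextUpdate": utctime(fields[3][1]), "revoked": revoked}

def status(crl, serial, now):
    if now > crl["nextUpdate"]:
        return "stale"  # a revised list was due; this one cannot vouch for the serial
    return "revoked" if serial in crl["revoked"] else "not listed"

def sample_crl(serials):  # constructed sample, at most two serials below 128
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010102")) + tlv(0x05, b""))
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x0a") + tlv(0x13, b"Example CA"))))
    head = alg + issuer + tlv(0x17, b"930601000000Z") + tlv(0x17, b"930701000000Z")
    rows = b"".join(tlv(0x30, tlv(0x02, bytes([s])) + tlv(0x17, b"930520120000Z")) for s in serials)
    return tlv(0x30, head + (tlv(0x30, rows) if serials else b""))
```

An absent revokedCertificates field parses to an empty revocation set, which is distinct from a malformed or truncated list (those raise ValueError).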