Re: PEM CRL registration for storage in X.500 databases

Mike Roe <Michael.Roe@cl.cam.ac.uk> Tue, 01 June 1993 18:20 UTC

To: Dan Nessett <nessett@ocfmail.ocf.llnl.gov>
Cc: pem-dev@tis.com, tcheung@llnl.gov, solo@bbn.com, Michael.Roe@cl.cam.ac.uk
Subject: Re: PEM CRL registration for storage in X.500 databases
In-Reply-To: Your message of Tue, 01 Jun 93 08:13:56 -0800. <9306011513.AA09620@ocfmail.ocf.llnl.gov>
Date: Tue, 01 Jun 1993 19:19:51 +0100
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Mike Roe <Michael.Roe@cl.cam.ac.uk>
Message-Id: <"swan.cl.cam.:064760:930601182002"@cl.cam.ac.uk>
X-Orig-Sender: pem-dev-relay@tis.com

> Below is a message from Peter Williams describing how UCL has registered
> PEM CRLs as an X.500 attribute syntax. I thought people on this list might
> want to know about it.

Yes, I was very interested to see it!

The original intention of the PASSWORD project was to register the
PEM CRL as an official COSINE/Internet schema attribute, by going through
the formal procedure for registering a new attribute laid down in RFC 1274.
UCL were supposed to be doing this....

Anyway, to make sure it gets done by some-one, I've just submitted a request
for the new attributes & object classes through the official channel. 

If it turns out that someone else has already done this, I'll just get told
I've submitted a duplicate request.

Mike

---- forwarded message
To: na-update@cs.ucl.ac.uk
cc: Michael.Roe@cl.cam.ac.uk
Subject: Attributes and object classes for Privacy Enhanced Mail
Date: Tue, 01 Jun 93 19:07:01 +0100
From: Mike Roe <Michael.Roe@cl.cam.ac.uk>
Message-ID: <"swan.cl.cam.:063110:930601180732"@cl.cam.ac.uk>

Dear Sir,

I would like to propose the following attributes and object classes for
addition to the COSINE and Internet X.500 Schema described in RFC 1274.

These new attributes and object classes are needed to support the Privacy
Enhanced Mail protocol, which is defined in RFC 1422.

Yours sincerely,
Michael Roe
Cambridge University Computer Laboratory

*****************************************************************************
Object Class: Internet Certification Authority

Description: The Internet Certification Authority object class represents
a Certification Authority which supports the certificate-based key distribution
mechanism described in RFC 1422, ``Privacy Enhancement for Internet Electronic 
Mail: Part II: Certificate-Based Key Management''. 

ASN1OCMacro: internetCertificationAuthority OBJECT-CLASS
    SUBCLASS OF top 
    MUST CONTAIN {
       caCertificate,
       internetCertificateRevocationList,
       internetAuthorityRevocationList }
     MAY CONTAIN {
       crossCertificatePair}
*****************************************************************************
Attribute Type: Internet Certificate Revocation List

Description: The Internet Certificate Revocation List attribute identifies
user certificates which have been revoked and should be rejected as invalid.

OCMust: internetCertificationAuthority

OCMay:

ASN1ATMacro: internetCertificateRevocationList ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX
        internetCertificateListSyntax
*****************************************************************************
Attribute Type: Internet Authority Revocation List

Description: The Internet Authority Revocation List attribute identifies
CA certificates which have been revoked and should be rejected as invalid.

OCMust: internetCertificationAuthority

OCMay:

ASN1ATMacro: internetAuthorityRevocationList ATTRIBUTE
    WITH ATTRIBUTE-SYNTAX
        internetCertificateListSyntax
*****************************************************************************
Attribute Syntax: Internet Certificate List Syntax

Description: The Internet Certificate List syntax is used to represent a
signed and time-stamped list of certificate serial numbers. The 'issuer'
field names the authority responsible for maintaining the list. The 'lastUpdate'
field contains the time at which the list was issued. The 'nextUpdate' 
field contains the time at which the issuer expects to issue a revised list.

ASN1SyMacro: internetCertificateListSyntax ATTRIBUTE-SYNTAX
	CertificateRevocationList
	MATCHES FOR EQUALITY

CertificateRevocationList ::= SIGNED SEQUENCE{
        signature       AlgorithmIdentifier,
        issuer          Name,
        lastUpdate      UTCTime,
        nextUpdate      UTCTime,
        revokedCertificates
                        SEQUENCE OF CRLEntry OPTIONAL}

CRLEntry ::= SEQUENCE{
        userCertificate SerialNumber,
        revocationDate UTCTime}
*****************************************************************************

---- end forwarded message
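As an added example (not part of this message, of RFC 1422, or of the PASSWORD project's code), the CertificateRevocationList structure in the schema above is encoded with a small hand-rolled DER encoder and then read back to answer a revocation query, including the case where the list is past its nextUpdate. It covers only the toBeSigned part of the SIGNED SEQUENCE and does not verify the CA's signature, which a real client must do before trusting any of it; the issuer name, serial numbers and dates are constructed, and md5WithRSAEncryption is used as the signature AlgorithmIdentifier.

```python
import datetime as dt

SEQ, SET, INT, OID, NULL, PSTR, UTC = 0x30, 0x31, 0x02, 0x06, 0x05, 0x13, 0x17
# md5WithRSAEncryption (1.2.840.113549.1.1.4), one of the RFC 1422 signature algorithms
MD5_RSA = bytes([0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04])

def tlv(tag, body):                              # DER tag + length + value
    n = len(body)
    if n >= 0x80:                                # long-form length
        ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(ln)]) + ln + body
    return bytes([tag, n]) + body
def der_int(v):                                  # non-negative INTEGER, minimal encoding
    return tlv(INT, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))
def der_utc(t):                                  # UTCTime as YYMMDDhhmmssZ
    return tlv(UTC, t.strftime("%y%m%d%H%M%SZ").encode("ascii"))

def name_cn(cn):                                 # Name: one RDN holding commonName (2.5.4.3)
    atv = tlv(SEQ, tlv(OID, bytes([0x55, 0x04, 0x03])) + tlv(PSTR, cn.encode("ascii")))
    return tlv(SEQ, tlv(SET, atv))

def crl_tbs(issuer_cn, last, nxt, revoked):
    """toBeSigned part of CertificateRevocationList; revoked maps serial -> revocationDate."""
    body = tlv(SEQ, tlv(OID, MD5_RSA) + tlv(NULL, b""))      # signature AlgorithmIdentifier
    body += name_cn(issuer_cn) + der_utc(last) + der_utc(nxt)
    if revoked:                                  # revokedCertificates is OPTIONAL
        entries = b"".join(tlv(SEQ, der_int(s) + der_utc(d)) for s, d in revoked.items())
        body += tlv(SEQ, entries)
    return tlv(SEQ, body)

def children(buf):                               # split a DER body into (tag, value) pairs
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                             # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def check_serial(tbs, serial, now):
    """'revoked' if listed; else 'good' while now <= nextUpdate, 'stale' after it."""
    # A listed serial stays revoked on a stale list; absence from a stale list proves nothing.
    fields = children(children(tbs)[0][1])       # sigAlg, issuer, lastUpdate, nextUpdate[, revoked]
    for _, entry in (children(fields[4][1]) if len(fields) > 4 else []):
        if int.from_bytes(children(entry)[0][1], "big") == serial:
            return "revoked"
    next_update = dt.datetime.strptime(fields[3][1].decode("ascii"), "%y%m%d%H%M%SZ")
    return "good" if now <= next_update else "stale"
```

The 'stale' result is the case a client must treat as "fetch a newer list from the directory", not as "good".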