Chance to fix X.509

["Ella P. Gardner" <epg@gateway.mitre.org>]

Any US input for the X3T5 meeting week after next? Hoyt Kesterson says that
it is not on the agenda of the interim Directory meeting, but we have to start 
sometime...

Ella Gardner
MITRE

----- Begin Included Message -----

From pem-dev-relay@TIS.COM Fri Aug 13 10:25:20 1993
Return-Path: <pem-dev-relay@TIS.COM>
Received: from mbunix.mitre.org by gateway.mitre.org (5.61/SMI-2.2)
	id AA00648; Fri, 13 Aug 93 10:24:54 -0400
Organization: The MITRE Corp.
Received: from TIS.COM by mbunix.mitre.org (911016.SGI/4.7)
	id AA27067; Fri, 13 Aug 93 10:24:09 -0400
Received: by TIS.COM (4.1/SUN-5.64)
	id AA14677; Fri, 13 Aug 93 09:38:59 EDT
Received: from swan.cl.cam.ac.uk by TIS.COM (4.1/SUN-5.64)
	id AA14667; Fri, 13 Aug 93 09:38:55 EDT
Received: from smew.cl.cam.ac.uk (user mrr (rfc931)) by swan.cl.cam.ac.uk 
	         with SMTP (PP-6.5) to cl; Fri, 13 Aug 1993 14:38:41 +0100
To: pem-dev@TIS.COM
Cc: Michael.Roe@cl.cam.ac.uk
Subject: Chance to fix X.509
Date: Fri, 13 Aug 93 14:38:33 +0100
From: Mike Roe <Michael.Roe@cl.cam.ac.uk>
Message-Id: <"swan.cl.cam.:121300:930813133847"@cl.cam.ac.uk>
Sender: pem-dev-relay@TIS.COM
Status: RO


The followung ISO document arrived on my desk this morning:

****************************************************************

ISO/IEC JTC 1/SC 21 N 7940
Date: June 1993
ISO/IEC JTC 1/SC 21
Open Systems Interconnection, Data Management and Open Distributed Processing
Secretariat: U.S.A (ANSI)

TITLE: Request for Contributions on Extensions to ITU-TS Recommendation X.509
       ISO/IEC 9594-8 Certificate Definitions

SOURCE: ISO/IEC JTC 1/SC 21/WG 4 Meeting, Yokohama, June 1993

PROJECT: 21.29

STATUS: output document for study and comment

REQUIRED ACTION: As per SC 21/WG Yokohama resolution 3.3, this document is
 circulated to SC 21 National Bodies and Liaison Organizations for study and
 comment. Contributions submitted on this document should reach the SC 21/WG 4
 Secretariat no later than 23 May 1993.

DISTRIBUTION: P and L Members
              Mr. P. D. Bartoli, Chairman JTC 1/21
              Mr. K. Morino, Convenor JTC 1/21/4
              Ms R. Mori, Sec JTC 1/21/4

A NP has been established for extending the definition of the security
certificates defined in ITU-TS Recommendation X.509 | ISO/IEC 9594-8. It is
expected that these extensions will provide:

* better support for non-repudiation requirements

* the ability for certificates to hold multiple algorithms and keys. For
  example, the algorithm identified for confidentiality may be weaker than
  that identified for integrity or authentication.

* more flexibility is extending certificate by providing extensibility
  mechanisms to allow the addition of both standardized and proprietary
  extensions to certificate definitions. This mechanism would allow a user
  of a certificate to ignore unknown information in the certificte if
  permitted by policy.

National bodies and liaison organizations are asked to provide contributions
into the next Directory meeting in January/February of 1994.

***************************************************************************
(end of ISO document)

The list of defects in X.509 is extremely well-known to most standards bodies
(after all, the same list of defects has been repeatedly raised every year for
the last five years....) However, to make sure none of the smaller defects get
forgotten, and to increase the chance of something getting done this time
round, now would be a good time for interested parties to contact their
national representative and make their views known.


In the UK, to table a document for discussion by IST 21/-/1/1 (the security
panel of IST 21/1), you can send it to me:

Michael Roe
University of Cambridge Computer Laboratory
New Museums Site
Pembroke Street
Cambridge
UK

Email: mrr@cl.cam.ac.uk
Fax: +44 223 334678

Mike


----- End Included Message -----