Re: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"

Paul Hoffman <paul.hoffman@vpnc.org> Fri, 12 October 2007 15:50 UTC

Date: Fri, 12 Oct 2007 10:29:16 -0400
To: Steven Legg <steven.legg@eb2bcom.com>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"
Cc: ietf-pkix@imc.org

At 11:01 AM +1000 10/12/07, Steven Legg wrote:
>Paul Hoffman wrote:
>>Has the X.500 working group communicated that to the PKIX WG, or the IETF?
>
>Yes, in the liaison statement where it says "We plan to remove the
>upper bounds specified in the standard". The example change to X.520
>suggests that "the standard" means more than just X.509.

With all due respect, "suggests" is not enough here. Further, the 
sentence you quote is the only one in the whole liaison statement 
that talks about more than just DirectoryString.

Before the PKIX WG acts (such as changing RFC3280bis), we should get 
a clearer liaison statement, hopefully one that says "all upper 
bounds have been removed".

>It has been established on this list that the upper bounds in X.500
>have been non-normative since the second edition.

You said that in an earlier message. Could you point us to a specific 
section of a specific version of X.500 where that is true? Most of us 
are not X.500 users.

>I had a closer look at RFC 3280. Some of the upper bounds originate
>from X.500, but there is a bunch of upper bounds constraining
>component parts of ORAddress that come from X.400, primarily the
>upper bounds with names ending with "-length". The former are in
>scope for the change contemplated by the X.500 working group, but
>the latter are not.

We can probably change things relating to X.400 without fear of 
real-world interop problems.

--Paul Hoffman, Director
--VPN Consortium