RE: Comments to PKIX AC profile
"Pawling, John" <John.Pawling@GetronicsGov.com> Tue, 17 April 2001 14:16 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA08283 for <pkix-archive@odin.ietf.org>; Tue, 17 Apr 2001 10:16:05 -0400 (EDT)
Received: from localhost (daemon@localhost) by above.proper.com (8.9.3/8.9.3) with SMTP id HAA19352; Tue, 17 Apr 2001 07:15:14 -0700 (PDT)
Received: by mail.imc.org (bulk_mailer v1.12); Tue, 17 Apr 2001 07:14:56 -0700
Received: from wfhqex05.gfgsi.com (netva01.getronicsgov.com [206.137.100.2]) by above.proper.com (8.9.3/8.9.3) with ESMTP id HAA19298 for <ietf-pkix@imc.org>; Tue, 17 Apr 2001 07:14:54 -0700 (PDT)
Received: by wfhqex05.gfgsi.com with Internet Mail Service (5.5.2650.21) id <H95FYW1D>; Tue, 17 Apr 2001 10:16:12 -0400
Message-ID: <0B95FB5619B3D411817E006008A592596929BD@wfhqex06.gfgsi.com>
From: "Pawling, John" <John.Pawling@GetronicsGov.com>
To: "'stephen.farrell@baltimore.ie'" <stephen.farrell@baltimore.ie>
Cc: "ietf-pkix@imc. org (E-mail)" <ietf-pkix@imc.org>
Subject: RE: Comments to PKIX AC profile
Date: Tue, 17 Apr 2001 10:16:10 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
Stephen, Thank you for your response. I agree that you can just change "DEFINITIONS EXPLICIT TAGS" to "DEFINITIONS IMPLICIT TAGS" in the current module. =========================================== John Pawling, John.Pawling@GetronicsGov.com Getronics Government Solutions, LLC =========================================== -----Original Message----- From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] Sent: Tuesday, April 17, 2001 9:13 AM To: Pawling, John Cc: ietf-pkix@imc. org (E-mail) Subject: Re: Comments to PKIX AC profile Hi John, You're right about the EXPLICIT, but can't I just change the current module to (the 509-2000 compatible) IMPLICIT tagging rather than add a whole new module? (Maybe that's what you meant.) Same thing for clearance: I'll make the change you suggest. BTW: both of these break code, so anyone with code compliant to the -06 I-D, who has a reason not to make the change should yell about this now. Regards, Stephen (who just hates sneaky tagging:-) "Pawling, John" wrote: > > All, > > In a separate message, Stephen Henson reported an incompatibility between > the Attribute Certificate (AC) ASN.1 syntaxes defined in the PKIX AC Profile > for Authorization <draft-ietf-pkix-ac509prof-06.txt> and draft 2000 X.509 > Recommendation (4th Edition, Draft V7, 23 Feb 2001). > The PKIX AC Profile, Appendix B, ASN.1 module includes "DEFINITIONS EXPLICIT > TAGS ::=", but the 2000 X.509 Recommendation ASN.1 module defining the AC > syntax includes "DEFINITIONS IMPLICIT TAGS ::=". Recommend that the PKIX AC > Profile should be changed so that the AC ASN.1 syntax is equivalent (i.e. > produces the identical ASN.1 hex encoding) to that defined in the draft 2000 > X.509 Recommendation. This could be accomplished by moving the AC syntax > definition (and component syntax definitions) from the existing Appendix B > module to a new ASN.1 module that includes "DEFINITIONS IMPLICIT TAGS ::=". > That is the strategy used in the draft 2000 X.509 Recommendation. > > Also, recommend that ac509prof-06 file should be changed so that the > Clearance attribute ASN.1 syntax defined in Appendix B is equivalent to that > defined in X.501. X.501 defines the Clearance attribute syntax using > AUTOMATIC TAGS. The Clearance attribute syntax in the PKIX AC profile > should be changed as follows to be consistent with X.501: > > Clearance ::= SEQUENCE > { > policyId > [0] OBJECT IDENTIFIER, > classList > [1] ClassList DEFAULT {unclassified}, > securityCategories > [2] SET OF SecurityCategory OPTIONAL > } > > =========================================== > John Pawling, John.Pawling@GetronicsGov.com > Getronics Government Solutions, LLC > =========================================== -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com
- Comments to PKIX AC profile Pawling, John
- Re: Comments to PKIX AC profile Stephen Farrell
- RE: Comments to PKIX AC profile Pawling, John
- Re: Comments to PKIX AC profile Russ Housley