RE: LDAPv3 Profile Issue

"Steven Legg" <steven.legg@adacel.com.au> Fri, 01 August 2003 06:25 UTC

Reply-To: steven.legg@adacel.com.au
From: Steven Legg <steven.legg@adacel.com.au>
To: 'David Chadwick' <d.w.chadwick@salford.ac.uk>, 'PKIX' <ietf-pkix@imc.org>
Subject: RE: LDAPv3 Profile Issue
Date: Fri, 01 Aug 2003 15:08:34 +1000
Message-ID: <002001c357ea$f60592b0$a518200a@osmium.mtwav.adacel.com.au>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
In-Reply-To: <3F1C2E37.DC0F2F8D@salford.ac.uk>
Importance: Normal
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
David,

David Chadwick wrote:
> Colleagues
>
> at the Vienna meeting I stated that the only outstanding issue with the
> LDAPv3 profile was the use of multi-valued RDNs. However, there is also
> the use of the ;binary extension that still has to be addressed and
> resolved (unfortunately), since the profile needs to state what PKI
> clients should do with ;binary.

I thought this was already resolved. Tim Polk previously proposed the
following to the list:

  (1) Upon review of the PKIX-LDAP “survey” we see a critical mass of PKI
  clients and LDAP servers that achieve interoperability using LDAPv3 with
  the ;binary option.  As these clients appear to be in the majority, we
  believe the best approach is to maintain this option for the transfer of
  X.509 certificates and CRLs.  Since this is the behavior documented in
  RFCs 2251, 2252, and 2256 (as well as the overarching 3377) this will
  require the least changes to the LDAPv3 specifications as well.

  (4) The lack of a defined LDAP-specific encoding for Certificate,
  Certificate List and Certificate Pair syntaxes is a problem, as a small
  percentage of implementations transfer these attributes without the
  ;binary option.  Rather than be silent, we suggest that the PKIX syntax
  and schema document state the LDAP-specific encoding used in transfer
  without the ;binary option but deprecate its use.  This LDAP-specific
  encoding has the same transfer representation as when the attribute is
  transferred with the ;binary option.

As I recall there was no serious dissent. Consensus seems to have been
achieved. I wrote draft-legg-ldap-binary-00.txt assuming this was the case.

Regards,
Steven

>
> The ;binary issue is holding up the final calls on the LDAPv3 profile,
> and the LDAP PKI and PMI schema documents (from Steven Legg and myself).
> Fortunately it does not affect the LDAP attribute extraction schema
> profiles that are due to be published as Informational RFCs, but
> nevertheless we do need closure on the ;binary issue as soon as possible.
>
> regards
>
> David
>
> --
> *********************************************************
>
> Leaders of the world's richest nations meet in Cancun on September 10th
> 2003. Oxfam is presenting them with a petition to make trade fair. Be
> sure your voice is heard. Sign the 'Big Noise' petition to make trade
> fair at:
>
> http://www.maketradefair.com/go/join/?p=omf1
>
>
> *****************************************************************
>
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> IS Institute, University of Salford, Salford M5 4WT
> Tel: +44 161 295 5351  Fax +44 01484 532930
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick@salford.ac.uk
> Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
> Research Web site: http://sec.isi.salford.ac.uk
> Seminars: http://www.salford.ac.uk/its024/seminars.htm
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
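The practical consequence of points (1) and (4) above for a PKI client is: ask for certificate attributes with the ;binary option, but accept a value returned under either attribute description, since the transfer bytes are the same DER either way, and check that the value really is a DER SEQUENCE before passing it to an X.509 parser. The following is an added illustration written for this archive page; it is not code from the message, from draft-legg-ldap-binary or from any IETF document. The LDIF fragments, the `BINARY_SYNTAX_TYPES` set and all function names are constructed for the example, and the attribute value is a placeholder DER SEQUENCE rather than a real certificate.

```python
"""Client-side handling of certificate attributes with and without ;binary.
Added example, not part of the original message. All names are assumptions."""

import base64
from typing import Dict, List, Tuple

# Attribute types whose syntax is a BER/DER-encoded X.509 structure (constructed list
# of the types the profile discussion concerns: certificate, CRL, cross-certificate pair).
BINARY_SYNTAX_TYPES = {
    "usercertificate", "cacertificate", "crosscertificatepair",
    "certificaterevocationlist", "authorityrevocationlist",
}

# Constructed LDIF fragments. The value decodes to 30 06 02 01 01 02 01 02, a placeholder
# DER SEQUENCE { INTEGER 1, INTEGER 2 }, NOT a real certificate.
SAMPLE_LDIF_WITH_OPTION = """dn: cn=example,dc=example,dc=com
cn: example
userCertificate;binary:: MAYCAQECAQI=
"""
SAMPLE_LDIF_WITHOUT_OPTION = """dn: cn=example,dc=example,dc=com
cn: example
userCertificate:: MAYCAQECAQI=
"""


def split_attribute_description(desc: str) -> Tuple[str, List[str]]:
    """'userCertificate;binary' -> ('usercertificate', ['binary']).
    LDAP attribute types and options are case-insensitive, so both are lowercased."""
    parts = desc.strip().lower().split(";")
    return parts[0], [p for p in parts[1:] if p]


def parse_ldif_entry(text: str) -> Dict[str, List[bytes]]:
    """Minimal LDIF reader for a single entry: 'name:: value' is base64-encoded,
    'name: value' is plain. Keys are the attribute descriptions exactly as received."""
    entry: Dict[str, List[bytes]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode("utf-8")
        entry.setdefault(name, []).append(value)
    return entry


def der_sequence_length(value: bytes) -> int:
    """Return the encoded length of a DER SEQUENCE. Raises ValueError unless the value
    is exactly one SEQUENCE with a minimally encoded length covering the whole value."""
    if len(value) < 2 or value[0] != 0x30:
        raise ValueError("value is not a DER SEQUENCE")
    first = value[1]
    if first < 0x80:                      # short-form length
        length, header = first, 2
    else:                                 # long-form length: 0x8n followed by n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(value) < 2 + n:
            raise ValueError("bad DER length octets")
        length = int.from_bytes(value[2:2 + n], "big")
        if value[2] == 0 or length < 0x80:
            raise ValueError("non-minimal DER length")
        header = 2 + n
    if header + length != len(value):
        raise ValueError("DER length does not match value size")
    return header + length


def certificate_values(entry: Dict[str, List[bytes]],
                       attr_type: str = "userCertificate") -> List[bytes]:
    """Collect DER values for attr_type whether the server used ';binary' or not,
    rejecting anything that is not a well-formed DER SEQUENCE."""
    wanted = attr_type.lower()
    out: List[bytes] = []
    for desc, values in entry.items():
        base, _options = split_attribute_description(desc)
        if base != wanted:
            continue
        for v in values:
            der_sequence_length(v)        # raises on malformed input
            out.append(v)
    return out


def request_descriptions(attr_types: List[str]) -> List[str]:
    """Attribute descriptions to put in a search request: add ;binary for the
    certificate/CRL syntaxes, matching the majority behaviour the survey found."""
    return [t + ";binary" if t.lower() in BINARY_SYNTAX_TYPES else t for t in attr_types]


if __name__ == "__main__":
    a = certificate_values(parse_ldif_entry(SAMPLE_LDIF_WITH_OPTION))
    b = certificate_values(parse_ldif_entry(SAMPLE_LDIF_WITHOUT_OPTION))
    print("same DER bytes with and without ;binary:", a == b)
    print("request:", request_descriptions(["userCertificate", "cn"]))
```

The DER check only verifies the outer framing; the real X.509 parsing and signature validation still belong to the client's certificate library. Its purpose here is to stop a client from treating a value returned without ;binary as a string and mangling it, which is the failure the deprecated-but-documented encoding in point (4) is meant to avoid.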