Re: FW: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"

Steven Legg <steven.legg@eb2bcom.com> Wed, 10 October 2007 01:22 UTC

Message-ID: <470C1FA3.40000@eb2bcom.com>
Date: Wed, 10 Oct 2007 10:41:07 +1000
From: Steven Legg <steven.legg@eb2bcom.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
CC: "ietf-pkix@vpnc.org" <ietf-pkix@vpnc.org>
Subject: Re: FW: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"


Paul,

Paul Hoffman wrote:
> 
> It seems like there are two questions here:
> 
> - Do we object to the ITU making the upper bound on DirectoryString 
> optional

They've been optional since the second edition of X.500. The defect
resolution will make that clearer, as well as steering away from
any specific suggestions for the upper bounds.

> 
> - Should we do anything to draft-ietf-pkix-rfc3280bis to reflect that
> 
> The answer to the first should be "no, we don't". Russ gave a list that 
> shows the ITU has a *long* way to go before it gets rid of the silly 
> maximum lengths in X.509.

The defect resolution will throw them all out at the same time.

> 
> For me, the answer to the second question is "no" because of the large 
> number of other silly limitations, most notably CommonName being 64 
> characters.

Aren't these other silly limitations inherited from the upper bounds
in X.500? Alignment with X.500 and LDAP would mean removing these
limitations as well.

Regards,
Steven

> 
> --Paul Hoffman, Director
> --VPN Consortium
>