IETF Logo Mail Archive

Re: LDAPv3 Profile Issue

David Chadwick <d.w.chadwick@salford.ac.uk> Wed, 06 August 2003 03:35 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA07874 for <pkix-archive@lists.ietf.org>; Tue, 5 Aug 2003 23:35:33 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h762B6qt058914 for <ietf-pkix-bks@above.proper.com>; Tue, 5 Aug 2003 19:11:06 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h762B6Bp058911 for ietf-pkix-bks; Tue, 5 Aug 2003 19:11:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from new_bruno (bruno.gric.com [216.231.202.145]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h762B5qt058897 for <ietf-pkix@imc.org>; Tue, 5 Aug 2003 19:11:05 -0700 (PDT) (envelope-from d.w.chadwick@salford.ac.uk)
Received: from salford.ac.uk (dialup-65.58.57.130.Dial1.Denver1.Level3.net [65.58.57.130]) by new_bruno (8.12.7/8.12.7) with ESMTP id h7629xTX026430; Tue, 5 Aug 2003 19:10:00 -0700 (PDT)
Message-ID: <3F2FA970.7EB7E816@salford.ac.uk>
Date: Tue, 05 Aug 2003 13:56:16 +0100
From: David Chadwick <d.w.chadwick@salford.ac.uk>
Organization: University of Salford
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: steven.legg@adacel.com.au
CC: 'PKIX' <ietf-pkix@imc.org>
Subject: Re: LDAPv3 Profile Issue
References: <002001c357ea$f60592b0$a518200a@osmium.mtwav.adacel.com.au>
Content-Type: multipart/mixed; boundary="------------86E8B62C23DDDBF0585A6FCE"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Steven

thanks. I can now make the appropriate changes to the profile

David

Steven Legg wrote:
> 
> David,
> 
> David Chadwick wrote:
> > Colleagues
> >
> > at the Vienna meeting I stated that the only outstanding
> > issue with the
> > LDAPv3 profile was the use of multi-valued RDNs. However,
> > there is also
> > the use of the ;binary extension that still has to be addressed and
> > resolved (unfortunately), since the profile needs to state what PKI
> > clients should do with ;binary.
> 
> I thought this was already resolved. Tim Polk previously proposed the
> following to the list:
> 
>   (1) Upon review of the PKIX-LDAP “survey” we see a critical mass of PKI
> clients
>   and LDAP servers that achieve interoperability using LDAPv3 with the
> ;binary
>   option.  As these clients appear to be in the majority, we believe the
> best
>   approach is to maintain this option for the transfer of X.509 certificates
> and
>   CRLs.  Since this is the behavior documented in RFCs 2251, 2252, and 2256
> (as
>   well as the overarching 3377) this will require the least changes to the
> LDAPv3
>   specifications as well.
> 
>   (4) The lack of a defined LDAP-specific encoding for Certificate,
> Certificate
>   List and Certificate Pair syntaxes is a problem, as a small percentage of
>   implementations transfer these attributes without the ;binary option.
> Rather
>   than be silent, we suggest that the PKIX syntax and schema document state
> the
>   LDAP-specific encoding used in transfer without the ;binary option but
>   deprecate its use.  This LDAP-specific encoding has the same transfer
>   representation as when the attribute is transferred with the ;binary
> option.
> 
> As I recall there was no serious dissent. Consensus seems to have been
> achieved.
> I wrote draft-legg-ldap-binary-00.txt assuming this was the case.
> 
> Regards,
> Steven
> 
> >
> > The ;binary issue is holding up the final calls on the LDAPv3 profile,
> > and the LDAP PKI and PMI schema documents (from Steven Legg
> > and myself).
> > Fortunately it does not affect the LDAP attribute extraction schema
> > profiles that are due to be published as Informational RFCs, but
> > nevertheless we do need closure on the ;binary issue as soon
> > as possible
> >
> > regards
> >
> > David
> >
> > --
> > *********************************************************
> >
> > Leaders of the world's richest nations meet in Cancun on
> > September 10th
> > 2003. Oxfam is presenting them with a petition to make trade fair. Be
> > sure your voice is heard. Sign the 'Big Noise' petition to make trade
> > fair at:
> >
> > http://www.maketradefair.com/go/join/?p=omf1
> >
> >
> > *****************************************************************
> >
> > David W. Chadwick, BSc PhD
> > Professor of Information Systems Security
> > IS Institute, University of Salford, Salford M5 4WT
> > Tel: +44 161 295 5351  Fax +44 01484 532930
> > Mobile: +44 77 96 44 7184
> > Email: D.W.Chadwick@salford.ac.uk
> > Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
> > Research Web site: http://sec.isi.salford.ac.uk
> > Seminars: http://www.salford.ac.uk/its024/seminars.htm
> > Entrust key validation string: MLJ9-DU5T-HV8J
> > PGP Key ID is 0xBC238DE5
> >
> > *****************************************************************

-- 
*********************************************************

Leaders of the world's richest nations meet in Cancun on September 10th
2003. Oxfam is presenting them with a petition to make trade fair. Be
sure your voice is heard. Sign the 'Big Noise' petition to make trade
fair at:

http://www.maketradefair.com/go/join/?p=omf1 


*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Web site: http://sec.isi.salford.ac.uk
Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

v2.23.0 | Report a Bug | By Email