Re: LDAPv3 Profile Issue
David Chadwick <d.w.chadwick@salford.ac.uk> Wed, 06 August 2003 03:35 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA07874 for <pkix-archive@lists.ietf.org>; Tue, 5 Aug 2003 23:35:33 -0400 (EDT)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h762B6qt058914 for <ietf-pkix-bks@above.proper.com>; Tue, 5 Aug 2003 19:11:06 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.9/8.12.9/Submit) id h762B6Bp058911 for ietf-pkix-bks; Tue, 5 Aug 2003 19:11:06 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from new_bruno (bruno.gric.com [216.231.202.145]) by above.proper.com (8.12.9/8.12.8) with ESMTP id h762B5qt058897 for <ietf-pkix@imc.org>; Tue, 5 Aug 2003 19:11:05 -0700 (PDT) (envelope-from d.w.chadwick@salford.ac.uk)
Received: from salford.ac.uk (dialup-65.58.57.130.Dial1.Denver1.Level3.net [65.58.57.130]) by new_bruno (8.12.7/8.12.7) with ESMTP id h7629xTX026430; Tue, 5 Aug 2003 19:10:00 -0700 (PDT)
Message-ID: <3F2FA970.7EB7E816@salford.ac.uk>
Date: Tue, 05 Aug 2003 13:56:16 +0100
From: David Chadwick <d.w.chadwick@salford.ac.uk>
Organization: University of Salford
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: steven.legg@adacel.com.au
CC: 'PKIX' <ietf-pkix@imc.org>
Subject: Re: LDAPv3 Profile Issue
References: <002001c357ea$f60592b0$a518200a@osmium.mtwav.adacel.com.au>
Content-Type: multipart/mixed; boundary="------------86E8B62C23DDDBF0585A6FCE"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Steven thanks. I can now make the appropriate changes to the profile David Steven Legg wrote: > > David, > > David Chadwick wrote: > > Colleagues > > > > at the Vienna meeting I stated that the only outstanding > > issue with the > > LDAPv3 profile was the use of multi-valued RDNs. However, > > there is also > > the use of the ;binary extension that still has to be addressed and > > resolved (unfortunately), since the profile needs to state what PKI > > clients should do with ;binary. > > I thought this was already resolved. Tim Polk previously proposed the > following to the list: > > (1) Upon review of the PKIX-LDAP survey we see a critical mass of PKI > clients > and LDAP servers that achieve interoperability using LDAPv3 with the > ;binary > option. As these clients appear to be in the majority, we believe the > best > approach is to maintain this option for the transfer of X.509 certificates > and > CRLs. Since this is the behavior documented in RFCs 2251, 2252, and 2256 > (as > well as the overarching 3377) this will require the least changes to the > LDAPv3 > specifications as well. > > (4) The lack of a defined LDAP-specific encoding for Certificate, > Certificate > List and Certificate Pair syntaxes is a problem, as a small percentage of > implementations transfer these attributes without the ;binary option. > Rather > than be silent, we suggest that the PKIX syntax and schema document state > the > LDAP-specific encoding used in transfer without the ;binary option but > deprecate its use. This LDAP-specific encoding has the same transfer > representation as when the attribute is transferred with the ;binary > option. > > As I recall there was no serious dissent. Consensus seems to have been > achieved. > I wrote draft-legg-ldap-binary-00.txt assuming this was the case. > > Regards, > Steven > > > > > The ;binary issue is holding up the final calls on the LDAPv3 profile, > > and the LDAP PKI and PMI schema documents (from Steven Legg > > and myself). > > Fortunately it does not affect the LDAP attribute extraction schema > > profiles that are due to be published as Informational RFCs, but > > nevertheless we do need closure on the ;binary issue as soon > > as possible > > > > regards > > > > David > > > > -- > > ********************************************************* > > > > Leaders of the world's richest nations meet in Cancun on > > September 10th > > 2003. Oxfam is presenting them with a petition to make trade fair. Be > > sure your voice is heard. Sign the 'Big Noise' petition to make trade > > fair at: > > > > http://www.maketradefair.com/go/join/?p=omf1 > > > > > > ***************************************************************** > > > > David W. Chadwick, BSc PhD > > Professor of Information Systems Security > > IS Institute, University of Salford, Salford M5 4WT > > Tel: +44 161 295 5351 Fax +44 01484 532930 > > Mobile: +44 77 96 44 7184 > > Email: D.W.Chadwick@salford.ac.uk > > Home Page: http://www.salford.ac.uk/its024/chadwick.htm > > Research Web site: http://sec.isi.salford.ac.uk > > Seminars: http://www.salford.ac.uk/its024/seminars.htm > > Entrust key validation string: MLJ9-DU5T-HV8J > > PGP Key ID is 0xBC238DE5 > > > > ***************************************************************** -- ********************************************************* Leaders of the world's richest nations meet in Cancun on September 10th 2003. Oxfam is presenting them with a petition to make trade fair. Be sure your voice is heard. Sign the 'Big Noise' petition to make trade fair at: http://www.maketradefair.com/go/join/?p=omf1 ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security IS Institute, University of Salford, Salford M5 4WT Tel: +44 161 295 5351 Fax +44 01484 532930 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@salford.ac.uk Home Page: http://www.salford.ac.uk/its024/chadwick.htm Research Web site: http://sec.isi.salford.ac.uk Seminars: http://www.salford.ac.uk/its024/seminars.htm Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
- LDAPv3 Profile Issue David Chadwick
- RE: LDAPv3 Profile Issue Steven Legg
- Re: LDAPv3 Profile Issue David Chadwick