Re: [pkix] Next edition of X.509

Wei Chuang <weihaw@google.com> Thu, 04 February 2016 19:22 UTC

In-Reply-To: <000401d130e3$bdf08120$39d18360$@x500.eu>
References: <000001d130da$b05884d0$11098e70$@x500.eu> <5665633F.7070906@cs.tcd.ie> <000401d130e3$bdf08120$39d18360$@x500.eu>
Date: Thu, 04 Feb 2016 11:22:30 -0800
Message-ID: <CAAFsWK2gdg_dSbThMG6nADBnijkE0bHhZM6xdokxK_CDvkfVEQ@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
To: Erik Andersen <era@x500.eu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/dyPpOB8lr3qmB9QaOZXbYKuAQyw>
Cc: Directory list <x500standard@freelists.org>, WG15@iectc57.org, PKIX <pkix@ietf.org>

Hi Erik,

I would like to point out that internationalized email addresses are not
well supported in the existing documentation, by ITU X.509 as well as the
IETF RFCs, as email addresses are specified as the GeneralName rfc822Name,
which is encoded as an IA5String.  While domain labels have been
internationalized via punycoding in RFC5280, I'm not sure if this is
reflected in the ITU X.509 documentation.  Moreover, a Unicode email
local-part as discussed in RFC6532 is not handled by either ITU X.509
or the RFCs.  How to handle that is probably better served by a separate
discussion thread, for which I've sent an initial post to pkix@ietf.org.  A
similar issue likely exists with the uniformResourceIdentifier type as well.
Perhaps it's worth looking at whether there are others?

-Wei
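The encoding problem Wei describes, as an added example that is not part of the thread: rfc822Name is [1] IMPLICIT IA5String (RFC 5280 4.2.1.6), so only 7-bit ASCII fits; RFC 5280 7.5 handles an internationalized domain part by converting it to A-labels (punycode), while a non-ASCII local-part (RFC 6532) has no defined representation at all. The code below DER-encodes and decodes a single rfc822Name GeneralName and refuses a non-ASCII local-part rather than mangling it. It assumes Python's standard-library `idna` codec (which implements IDNA2003, not the IDNA2008 profile newer documents reference) for the label conversion; the addresses in it are constructed sample input, and the function names are my own.

```python
"""Added example: DER-encode and decode an X.509 GeneralName rfc822Name,
showing where internationalized e-mail addresses break.

rfc822Name is [1] IMPLICIT IA5String (RFC 5280 4.2.1.6), so only 7-bit
ASCII fits. RFC 5280 7.5 converts an internationalized domain part to
A-labels (punycode); nothing covers a non-ASCII local-part (RFC 6532),
so this code rejects such addresses instead of emitting an unmatchable name.
Assumption: the stdlib "idna" codec (IDNA2003) does the label conversion;
every address used here is constructed sample input.
"""

RFC822_NAME_TAG = 0x81  # [1] context-specific, primitive (IMPLICIT IA5String)


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, minimal long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def to_ia5_rfc822(address: str) -> str:
    """Return the IA5-safe form: ASCII local-part, A-labels in the domain."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an addr-spec: {address!r}")
    if not local.isascii():
        # An RFC 6532 local-part has no IA5 representation; refuse it rather
        # than emit a GeneralName no relying party can match against.
        raise ValueError("non-ASCII local-part cannot be carried in rfc822Name")
    # ASCII labels pass through unchanged; non-ASCII labels become xn-- A-labels.
    alabels = domain.encode("idna").decode("ascii")
    return f"{local}@{alabels}"


def encode_rfc822name(address: str) -> bytes:
    """DER for GeneralName ::= rfc822Name [1] IA5String."""
    value = to_ia5_rfc822(address).encode("ascii")
    return bytes([RFC822_NAME_TAG]) + _der_length(len(value)) + value


def decode_rfc822name(der: bytes) -> str:
    """Parse one rfc822Name GeneralName; restore U-labels for display only."""
    if len(der) < 2 or der[0] != RFC822_NAME_TAG:
        raise ValueError("not an rfc822Name GeneralName")
    first = der[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length encoding")
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    value = der[offset:offset + length]
    if len(value) != length or len(der) != offset + length:
        raise ValueError("truncated or trailing data")
    if any(b > 0x7F for b in value):
        # Anything above 0x7F is not IA5; treat the name as malformed.
        raise ValueError("IA5String contains an 8-bit octet")
    local, at, domain = value.decode("ascii").rpartition("@")
    if not at:
        raise ValueError("rfc822Name without '@'")
    return f"{local}@{domain.encode('ascii').decode('idna')}"


if __name__ == "__main__":
    # Constructed sample addresses: plain ASCII, IDN domain, Unicode local-part.
    for addr in ("alice@example.com", "alice@bücher.example", "jürgen@example.com"):
        try:
            der = encode_rfc822name(addr)
            print(addr, "->", der.hex(), "->", decode_rfc822name(der))
        except ValueError as exc:
            print(addr, "-> rejected:", exc)
```

The decoder converts A-labels back to U-labels only for display; name-constraint and identity matching in a validator should compare the A-label (IA5) form, because that is what a CA actually signed and what the constraint in the issuing certificate was written against.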

On Mon, Dec 7, 2015 at 3:38 AM, Erik Andersen <era@x500.eu> wrote:

> Hi Stephen,
>
> I will collect any comment on any list. The goal is to get the best
> technical specification.
>
> Regards,
>
> Erik
>
> -----Original message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: 07 December 2015 11:45
> To: Erik Andersen <era@x500.eu>; Directory list <
> x500standard@freelists.org>; PKIX <pkix@ietf.org>
> Cc: WG15@iectc57.org
> Subject: Re: [pkix] Next edition of X.509
>
>
> Thank you Erik! Do I understand correctly that comments from this list
> that you get before February are useful and that sending comments to the
> pkix list works well enough for you?
>
> If so, great, and I'd ask folks who care about RFC5280 or other PKIX RFCs
> to please review this to check for any glitches that might affect interop
> should new code be written based on the ISO doc. I'm sure other comments
> are also welcome,
>
> Cheers,
> S.
>
> On 07/12/15 10:33, Erik Andersen wrote:
> > In preparation for the next edition of X.509 (the 2016 edition), I
> > have forwarded to the ISO/IEC JTC1/SC6 two documents for three-month
> ballots:
> >
> >
> >
> > These two documents may be found as:
> >
> >
> >
> > 1.       http://www.x500standard.com/uploads/extensions/x509-pdam-
> amd2.pdf,
> > which is the 3rd PDAM text for an amendment to X.509.
> >
> > 2.       http://www.x500standard.com/uploads/dtc/X509-Ed7-Cor2.pdf,
> which is a
> > second draft technical corrigendum. This technical corrigendum is
> > based on a set of defects reports, which include the justification for
> > the changes. The Defect reports may be found on
> > http://www.x500standard.com/index.php?n=Ig.DefectReports.
> >
> >
> >
> > An early corrigendum has been approved within ISO and ITU-T and may be
> > found
> > as: http://www.x500standard.com/uploads/dtc/X509-Ed7-Cor1.pdf.
> >
> >
> >
> > These three documents together with the seventh edition will provide
> > the input to the next edition of X.509. The different
> > X.recommendations, including X.509, may be found at
> > http://www.itu.int/rec/T-REC-X/e. This edition of X.509 is freely
> available in the PDF version.
> >
> >
> >
> > Those involved in ISO/IEC JTC1/SC6 can, of course, submit ballot
> > comments on the two documents out for ballot. Others, who may have
> > comments on these documents, may post them on the lists and after
> > consolidation and consensus, they may be issued as ITU-T comments.
> >
> >
> >
> > It is important to check whether any of the suggested changes affects
> > running code. If that is the case, it is a mistake.
> >
> >
> >
> > The intention behind the changes has been:
> >
> > 1.       A better separation between public-key certificates and
> attribute
> > certificates.
> >
> > 2.       Use of a consistent terminology.
> >
> > 3.       Use of a consistent editing style in accordance with the ITU-T
> > editing guidelines.
> >
> > 4.       A new PKI component called trust broker, which assists a relying
> > party in validating a public-key certificate, is included.
> >
> > 5.       IEC TC57 WG15 has identified a requirement for a feature first
> > called whitelist, but now the term authorization and validation list
> > is used. A proposal for such a feature is included in the amendment.
> >
> > The main goal has been to position X.509 for new challenges, such as
> > smart grid security and security for the Internet of Things with battery
> > driven devices, very short messages (can we put a 257-octet signature
> > on a message of a few octets?), short reaction time requirements, many
> > millions of entities, etc. This is all very different from Web-based
> systems.
> >
> > Kind regards,
> >
> > Erik
> >
> > _______________________________________________
> > pkix mailing list
> > pkix@ietf.org
> > https://www.ietf.org/mailman/listinfo/pkix
> >
>
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix
>