Re: Comments to PKIX AC profile

Stephen Farrell <stephen.farrell@baltimore.ie> Tue, 17 April 2001 13:15 UTC

Message-ID: <3ADC415C.CECBE1CB@baltimore.ie>
Date: Tue, 17 Apr 2001 14:13:00 +0100
From: Stephen Farrell <stephen.farrell@baltimore.ie>
Reply-To: stephen.farrell@baltimore.ie
Organization: Baltimore Technologies Ltd.
To: "Pawling, John" <John.Pawling@GetronicsGov.com>
CC: "ietf-pkix@imc. org (E-mail)" <ietf-pkix@imc.org>
Subject: Re: Comments to PKIX AC profile
References: <0B95FB5619B3D411817E006008A59259692963@wfhqex06.gfgsi.com>
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/

Hi John,

You're right about the EXPLICIT, but can't I just change the current 
module to (the 509-2000 compatible) IMPLICIT tagging rather than add a 
whole new module? (Maybe that's what you meant.)

Same thing for clearance: I'll make the change you suggest.

BTW: both of these break code, so anyone with code compliant to the 
-06 I-D, who has a reason not to make the change should yell about 
this now.

Regards,
Stephen (who just hates sneaky tagging:-)


"Pawling, John" wrote:
> 
> All,
> 
> In a separate message, Stephen Henson reported an incompatibility between
> the Attribute Certificate (AC) ASN.1 syntaxes defined in the PKIX AC Profile
> for Authorization <draft-ietf-pkix-ac509prof-06.txt> and draft 2000 X.509
> Recommendation (4th Edition, Draft V7, 23 Feb 2001).
> The PKIX AC Profile, Appendix B, ASN.1 module includes "DEFINITIONS EXPLICIT
> TAGS ::=", but the 2000 X.509 Recommendation ASN.1 module defining the AC
> syntax includes "DEFINITIONS IMPLICIT TAGS ::=".  Recommend that the PKIX AC
> Profile should be changed so that the AC ASN.1 syntax is equivalent (i.e.
> produces the identical ASN.1 hex encoding) to that defined in the draft 2000
> X.509 Recommendation.  This could be accomplished by moving the AC syntax
> definition (and component syntax definitions) from the existing Appendix B
> module to a new ASN.1 module that includes "DEFINITIONS IMPLICIT TAGS ::=".
> That is the strategy used in the draft 2000 X.509 Recommendation.
> 
> Also, recommend that ac509prof-06 file should be changed so that the
> Clearance attribute ASN.1 syntax defined in Appendix B is equivalent to that
> defined in X.501.  X.501 defines the Clearance attribute syntax using
> AUTOMATIC TAGS.  The Clearance attribute syntax in the PKIX AC profile
> should be changed as follows to be consistent with X.501:
> 
> Clearance ::= SEQUENCE
>   {
>       policyId
>           [0] OBJECT IDENTIFIER,
>       classList
>           [1] ClassList DEFAULT {unclassified},
>       securityCategories
>           [2] SET OF SecurityCategory OPTIONAL
>   }
> 
> ===========================================
> John Pawling, John.Pawling@GetronicsGov.com
> Getronics Government Solutions, LLC
> ===========================================

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com
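
Added example, not part of the original message or of either draft: a minimal DER sketch of why the EXPLICIT-to-IMPLICIT change discussed above breaks existing code, using the policyId [0] OBJECT IDENTIFIER field of Clearance. The OID 2.999.1 and all function names are constructed for illustration, and only short-form lengths are handled.

```python
# Added illustration: minimal DER encode/parse, short-form lengths (< 128) only.

def tlv(tag: int, content: bytes) -> bytes:
    assert len(content) < 0x80, "short-form length only in this sketch"
    return bytes([tag, len(content)]) + content

def base128(n: int) -> bytes:
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def oid_content(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    return base128(40 * arcs[0] + arcs[1]) + b"".join(base128(a) for a in arcs[2:])

def encode_clearance(policy_id: str, explicit: bool) -> bytes:
    """Clearance carrying only policyId: classList is left at its DEFAULT and
    the OPTIONAL securityCategories is absent, so neither is encoded."""
    body = oid_content(policy_id)
    if explicit:
        field = tlv(0xA0, tlv(0x06, body))  # [0] EXPLICIT: wraps the universal OID TLV
    else:
        field = tlv(0x80, body)             # [0] IMPLICIT: context tag replaces 0x06
    return tlv(0x30, field)

def decode_policy_id(der: bytes, explicit: bool) -> bytes:
    """Strict parse under one tagging mode; returns the raw OID content bytes."""
    if len(der) < 4 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a well-formed SEQUENCE")
    field = der[2:]
    want = 0xA0 if explicit else 0x80
    if field[0] != want:
        raise ValueError(f"expected tag {want:#04x}, got {field[0]:#04x}")
    inner = field[2:2 + field[1]]
    if explicit:
        if len(inner) < 2 or inner[0] != 0x06:
            raise ValueError("EXPLICIT wrapper does not contain an OID")
        inner = inner[2:2 + inner[1]]
    return inner

POLICY = "2.999.1"  # constructed sample OID under the 2.999 example arc
EXPLICIT_DER = encode_clearance(POLICY, explicit=True)
IMPLICIT_DER = encode_clearance(POLICY, explicit=False)
```

The same abstract value encodes as 30 07 A0 05 06 03 88 37 01 under EXPLICIT tags and 30 05 80 03 88 37 01 under IMPLICIT tags, and a strict parser built for one mode rejects the other.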