FW: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"

Stefan Santesson <stefans@microsoft.com> Fri, 05 October 2007 14:24 UTC

Return-path: <owner-ietf-pkix@mail.imc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ido5x-00068v-D4 for pkix-archive@lists.ietf.org; Fri, 05 Oct 2007 10:24:01 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Ido5k-0007ZT-AD for pkix-archive@lists.ietf.org; Fri, 05 Oct 2007 10:23:57 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l95DRj0T013430 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 5 Oct 2007 06:27:45 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l95DRjq5013429; Fri, 5 Oct 2007 06:27:45 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp-dub.microsoft.com (smtp-dub.microsoft.com [213.199.138.191]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l95DRg0w013422 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <ietf-pkix@vpnc.org>; Fri, 5 Oct 2007 06:27:44 -0700 (MST) (envelope-from stefans@microsoft.com)
Received: from dub-exhub-c302.europe.corp.microsoft.com (65.53.213.92) by DUB-EXGWY-E801.partners.extranet.microsoft.com (10.251.129.1) with Microsoft SMTP Server (TLS) id 8.1.177.2; Fri, 5 Oct 2007 14:27:42 +0100
Received: from EA-EXMSG-C320.europe.corp.microsoft.com ([65.53.221.75]) by dub-exhub-c302.europe.corp.microsoft.com ([65.53.213.92]) with mapi; Fri, 5 Oct 2007 14:27:41 +0100
From: Stefan Santesson <stefans@microsoft.com>
To: "ietf-pkix@vpnc.org" <ietf-pkix@vpnc.org>
Date: Fri, 05 Oct 2007 14:27:41 +0100
Subject: FW: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"
Thread-Topic: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"
Thread-Index: AcgHSgCkrXksVEQKSDeFNnXWOUTAxgACTagg
Message-ID: <E75F200AF1718F45B2024A88C3141A1D06437A82F3@EA-EXMSG-C320.europe.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by balder-227.proper.com id l95DRi0v013424
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c

Forwarding a liaison e-mail from ISO/ITU.

This seems like a very reasonable change to me, but please review and provide feedback.


Stefan Santesson
Senior Program Manager
Windows Security, Standards


-----Original Message-----
From: Xiaoya Yang [mailto:tsbsg17@itu.int]
Sent: den 5 oktober 2007 14:19
To: Russ Housley; Stefan Santesson
Cc: Herbert Bertine; tsbsg17@itu.int; era@tdcadsl.dk; Xiaoya YANG; tsbsg17@itu.int; era@tdcadsl.dk
Subject: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"


Title: Liaison to IETF on the removal of upper bound in X.509
Submission Date: 2007-10-05
URL of the IETF Web page: https://datatracker.ietf.org/public/liaison_detail.cgi?detail_id=376
Please reply by 2008-03-01

From: Xiaoya Yang(ITU-T SG 17) <tsbsg17@itu.int>
To: IETF/PKIX(Russ Housley <housley@vigilsec.com>, Stefan Santesson <stefans@microsoft.com>)
Cc: Herbert Bertine <hbertine@alcatel-lucent.com>
<tsbsg17@itu.int>
<era@tdcadsl.dk>
Reponse Contact: Xiaoya YANG <xiaoya.yang@itu.int>
<tsbsg17@itu.int>
Technical Contact: <era@tdcadsl.dk>
Purpose: For action
Body: In relation to resolve a Defect Report, it appears to majority within the X.500 community to remove hard-coded length restriction whenever a DirectoryString is used.
In response to developer demand in the early days of the standard X.520 contained a list of maximum lengths for a variety of string types, e.g., organizationalName.  The values specified were non-normative.  However, some implementers treated the values as normative.  This has caused interoperability problem with implementations.
We plan to remove the upper bounds specified in the standard. In particular we intend to eliminate the Upper Bounds for DirectoryString.
The proposal does not change the definition of DirectoryString, but attribute definitions will look slightly different.  As an example, street address may

streetAddress{INTEGER:maxSize}  ATTRIBUTE  ::=  {
        WITH SYNTAX                                     DirectoryString {maxSize}
        EQUALITY MATCHING RULE                  caseIgnoreMatch
        SUBSTRINGS MATCHING RULE                caseIgnoreSubstringsMatch
        ID                                                      id-at-streetAddress }
That means that at implementation time, the upper limit may be added if wanted. Otherwise an unlimited string may be assumed.
The proposal will not change the bits on the wire and we believe this is in line with what the PXIX group is already doing.  We are forwarding this liaison to ensure that the PKIX group has no problem with this proposal.
Please confirm that you have no objection to our removal of upper bounds.
Attachment(s):
No document has been attached