RE: Upper Bounds for X.509
"Erik Andersen" <era@tdcadsl.dk> Fri, 26 October 2007 10:32 UTC
Return-path: <owner-ietf-pkix@mail.imc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IlMUU-0007vE-Eu for pkix-archive@lists.ietf.org; Fri, 26 Oct 2007 06:32:34 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IlMUG-0007J6-U7 for pkix-archive@lists.ietf.org; Fri, 26 Oct 2007 06:32:32 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l9Q9RrXF045874 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 26 Oct 2007 02:27:53 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l9Q9Rrhu045873; Fri, 26 Oct 2007 02:27:53 -0700 (MST) (envelope-from owner-ietf-pkix@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from pfepa.post.tele.dk (pfepa.post.tele.dk [195.41.46.235]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l9Q9RpO7045864 for <ietf-pkix@imc.org>; Fri, 26 Oct 2007 02:27:52 -0700 (MST) (envelope-from era@tdcadsl.dk)
Received: from morten (0x503ff080.albnxx10.adsl-dhcp.tele.dk [80.63.240.128]) by pfepa.post.tele.dk (Postfix) with ESMTP id 87826FAC04E; Fri, 26 Oct 2007 11:27:48 +0200 (CEST)
From: Erik Andersen <era@tdcadsl.dk>
To: 'Russ Housley' <housley@vigilsec.com>, 'Hoyt L Kesterson II' <hoytkesterson@earthlink.net>, ietf-pkix@imc.org
Subject: RE: Upper Bounds for X.509
Date: Fri, 26 Oct 2007 11:28:41 +0200
Message-ID: <000101c817b2$99ff1db0$0100a8c0@morten>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6822
In-Reply-To: <200710221034.l9MAYKwt097035@balder-227.proper.com>
Importance: Normal
Thread-Index: AcgUofmawl/U3apHTzSftthhyN1X/gDEF5dg
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3
PKIX could impose upper bounds on anything they want without this being reflected in the ASN.1, but in English text. Erik Andersen Andersen's L-Service Mobile: +45 20 97 14 90 e-mail: era@tdcadsl.dk http://www.x500standard.com/ http://home20.inet.tele.dk/era/me > -----Original Message----- > From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-pkix@mail.imc.org] > On Behalf Of Russ Housley > Sent: 22. oktober 2007 11:34 > To: Hoyt L Kesterson II; ietf-pkix@imc.org > Subject: Re: Upper Bounds for X.509 > > > Hoyt: > > One never knows which non-critical extensions might be put in a > certificate. Remember when Bob Jueneman was advocating pictures in > certificates.... > > Russ > > > At 04:30 AM 10/22/2007, Hoyt L Kesterson II wrote: > > >Steven, I didn't say it was an attractive option. I have always been > >against these limits. > > > >Peter Gutmann recommended that "reasonable" upper bounds be set, > >e.g. thousand characters for a common name. But it appears his > >concern is about erratic operation when the certificate itself it huge. > > > >It may be more reasonable to set a max size on the entire > >certificate than on the individual components that comprise it. > > > > hoyt > > > > >Hoyt, > > > > > >Hoyt L Kesterson II wrote: > > >>Another option is to keep the bounds as we have them and have the > > IETF standard mandate the bounds, choosing any values you like. > > > > > >Then directory deployments would have to choose between being nice > > >to PKIX applications by imposing PKIX's upper bounds, or being > > >nice to other LDAP applications by not imposing upper bounds. > > > > > >Regards, > > >Steven
- Re: Upper Bounds for X.509 Steven Legg
- Upper Bounds for X.509 Erik Andersen
- Re: Upper Bounds for X.509 Russ Housley
- Re: Upper Bounds for X.509 Hoyt L Kesterson II
- Re: Upper Bounds for X.509 Hoyt L Kesterson II
- Re: Upper Bounds for X.509 Peter Gutmann
- Re: Upper Bounds for X.509 Steven Legg
- Re: Upper Bounds for X.509 Hoyt L Kesterson II
- Re: Upper Bounds for X.509 Russ Housley
- RE: Upper Bounds for X.509 Erik Andersen