Re: FW: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 09 October 2007 23:05 UTC

Date: Tue, 9 Oct 2007 18:16:39 -0400
To: Stefan Santesson <stefans@microsoft.com>, "ietf-pkix@vpnc.org" <ietf-pkix@vpnc.org>

It seems like there are two questions here:

- Do we object to the ITU making the upper bound on DirectoryString optional?

- Should we do anything to draft-ietf-pkix-rfc3280bis to reflect that?

The answer to the first should be "no, we don't". Russ gave a list 
that shows the ITU has a *long* way to go before it gets rid of 
the silly maximum lengths in X.509.

For me, the answer to the second question is "no" because of the 
large number of other silly limitations, most notably CommonName 
being 64 characters.

--Paul Hoffman, Director
--VPN Consortium