[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New Liaison Statement, "Liaison to IETF on the removal of upper bound in X.509"
At 10:26 AM +1000 10/10/07, Steven Legg wrote:
The way out of this dilemma is for PKIX, LDAP and X.500 to agree
on the upper bounds. The consensus in the X.500 working group is
to completely remove the (non-normative) upper bounds, rather than
rejigging them.
Has the X.500 working group communicated that to the PKIX WG, or the IETF?
At 10:41 AM +1000 10/10/07, Steven Legg wrote:
- Do we object to the ITU making the upper bound on DirectoryString optional
They've been optional since the second edition of X.500. The defect
resolution will make that clearer, as well as steering away from
any specific suggestions for the upper bounds.
We disagree that this DR "will make it clearer". What was sent to the
PKIX WG said:
In relation to resolve a Defect Report, it appears to majority within
the X.500 community to remove hard-coded length restriction whenever
a DirectoryString is used.
. . .
We plan to remove the upper bounds specified in the standard. In
particular we intend to eliminate the Upper Bounds for
DirectoryString.
That does not sound anything like "They've been optional since the
second edition of X.500."
Could you get the X.500 working group to make it clear if they are
considering, or have already, removed the upper bounds on all the
X.500-related strings that Russ listed?
- Should we do anything to draft-ietf-pkix-rfc3280bis to reflect that
The answer to the first should be "no, we don't". Russ gave a list
that shows the the ITU has a *long* way to go before it gets rid of
the silly maximum lengths in X.509.
The defect resolution will throw them all out at the same time.
Where does it say that? The DR listed exactly one string type,
DirectoryString. Again, having this be clearer would help us out a
lot.
--Paul Hoffman, Director
--VPN Consortium