At 11:01 AM +1000 10/12/07, Steven Legg wrote:
Paul Hoffman wrote:Has the X.500 working group communicated that to the PKIX WG, or the IETF?Yes, in the liaison statement where it says "We plan to remove the upper bounds specified in the standard". The example change to X.520 suggests that "the standard" means more than just X.509.
With all due respect, "suggests" is not enough here. Further, the sentence you quoute is the only one in the whole liaison statement that talks about more than just DirectoryString.
Before the PKIX WG acts (such as changing RFC3280bis), we should get a clearer liaison statement, hopefully one that says "all upper bounds have been removed".
It has been established on this list that the upper bounds in X.500 have been non-normative since the second edition.
You said that in an earlier message. Could you point us to a specific section of a specific version of X.500 where that is true? Most of us are not X.500 users.
I had a closer look at RFC 3280. Some of the upper bounds originate from X.500, but there is a bunch of upper bounds constraining component parts of ORAddress that come from X.400, primarily the upper bounds with names ending with "-length". The former are in scope for the change contemplated by the X.500 working group, but the latter are not.
We can probably change things relating to X.400 without fear of real-world interop problems.
--Paul Hoffman, Director --VPN Consortium