
Re: 509 Feb/Mar Meeting Summary





> Sharon Boeyen wrote:
> 
> During the recent 509 meeting we addressed the comments received on
> the Working Document on new
> X.509 enhancements, the ballot results on defect resolutions and new
> defect reports.
> The revised WD on 509 enhancements and the defect related documents
> will be available
> shortly from the ftp site maintained by Hoyt Kesterson (he'll send an
> email when they're
> all there). If anyone needs a copy of these in advance of that, please
> let me know. Here is
> a brief summary of the agreements made at the meeting.
> 
> The technical changes to the WD as a result of this meeting are:
> - Issue 6 - the syntax of xmlPrivilegeInfo was changed from OCTET
> STRING to UTF8String

This piece still needs work, as it fails to address
business needs of the ASN.1 XER using community, and
seems to wish to endorse OASIS SAML, a piece of work
not even recognized internationally and based on the
W3C XSD schema, which I've been told by OASIS is 
being harmonized along with many of the other XML
schema contenders into a (if you will) meta schema.

Why Directory leaps out to endorse this schema notation
while it ignores the ASN.1 XML schema is beyond my
comprehension. Just this week, OASIS UBL agreed to
support ASN.1 in its work, and ASN.1 is the primary
XML schema being used in OASIS XML Common Biometric
Format (XCBF), the proposed X9F3 X9.96 XML Cryptographic
Message Syntax, and is being considered for inclusion
in the Time Stamping standard being progressed through
JTC1 SC27.

Phil



> - Issue 13 - the SOA constraint extension was deleted. In its place is
> a new issue on SOA identifier and
>   cross-certification
> - Issue 14 - The old issue regarding multiple roles was deleted. In
> its place is a new issue that defines
>   an attribute and object class for storing privilege policy within
> attribute certificates.
> - Issue 15 - new revocation reason codes. Two earlier proposals (cert
> issued
>   in error and change of revocation reason) will not have new reason
> codes added, but instead
>   additional text was added to clarify how to signal these. Also a new
> question was added to this
>   issue regarding the potential need for a new code to indicate that
> an algorithm is expected to
>   be weak and therefore future revocation of a cert is anticipated.
> - Issue 24 - a new issue added to deal with the general requirements
> to handle addition of
>   new reason codes.
> - Issue 25 - a new informative annex regarding client side settings for
> policy for path validation
>   (note this one is related to DR 289)
> 
> In terms of Defect Reports (DR) and Draft Technical Corrigenda (DTC)
> ballots:
> DTC 4 against 4th edition (DR 284,285 & 286) was approved and will be
> published as TC 2
> DTC 11 against 3rd edition (DR 285) was approved and will be published
> as TC 4
> 
> DTC 3 against 4th edition (DR 280, 281 & 282) was revised based on
> ballot comments and
>           will be re-ballotted because of the significant amount of
> change
> 
> There is also a set of new defect reports that were discussed and
> resolutions for these will
> also be sent for ballot. The new DRs are:
> 
> DR 289 on path processing - re acceptable policies
> DR 291 on use of 'encipherment' term in definition of certificates
> DR 294 to replace the DER rules in X.509 with reference to ASN.1 DER
> DR 296 on default distribution points
> DR 297 on CRL issuance requirements
> DR 298 on partitioned CRLs
> 
> Sharon
> 
> Sharon Boeyen
> Principal, Advanced Security
> Tel: 613 270 3181
> www.entrust.com
> 
> Entrust, Inc.
> Securing the Internet