
Re: new version of draft on additional x509certificateschema for LDAP



Date sent:      	Mon, 18 Nov 2002 21:47:54 +0100 (CET)
Subject:        	Re: new version of draft on additional x509certificateschema for LDAP
From:           	"Peter Gietz" <peter.gietz@xxxxxxxx>
To:             	<ietf-pkix@xxxxxxx>

> I don't yet think that there is a need for similar AUXILIARY object
> classes. The whole idea behind our draft is to have an entry for each
> certificate, thus the thing that this entry is all about is the
> certificate, thus a typical use case for STRUCTURAL. Even if there will
> be the need in future to add additional data to such an entry, it can
> be done with auxiliary objectclasses stuck to these structural ones.
> 
> Does the latter conflict with your idea of packaging, David?

Yes. We already have a requirement for a common object class for all X.509 
attributes. (You can read this in our detailed design submitted to Terena at the 
end of last week). We need to search for all X.509 entries subordinate to a 
user's entry. Whilst it is true that we could search for multiple object classes 
(and update the code when new ones are defined), having a common object 
class containing common attributes makes it easier and hopefully future-proof. 
That's why I would like to hold off the final decision until we have published our 
Attribute Cert and CRL schema IDs.

> 
> BTW: my first hesitance to define an ABSTRACT class, was that this is
> not done very often (in fact it will be the first one after top).

Actually, I did this a few years ago when I defined Families of Entries.

David

> But
> since it is a perfect means to prevent an instantiation without the
> certificate, why not go for it.
> 
> Cheers,
> 
> Peter