Here are my recommendations to the PKIX WG:
The PKIX WG should not take on engineering of a PKI-specific solution to the certificate matching / returning problems which draft-klasen-ldap-x509certificate-schema. General solutions suitable for standardization exist to resolve these problems.
The PKIX WG should, as part of its PKI LDAPv3 applicability statement work, detail requirements of PKI implementations to support:
  a) existing LDAP PKI schema (as revised by PKIX WG)
  b) component matching rule extension
  c) matched values control extension
The PKIX WG should revise the LDAPv3 PKI Schema in a manner which preserves existing interoperability (e.g., add missing matching rules to userCertificate and friends, fix up reference to X.509, etc.).
At 02:18 PM 1/3/2003, Russ Housley wrote:
>I must voice my disagreement with this approach, again.
Let me rephrase the part I think you object to:
I have no objection to the proponents of draft-klasen-ldap-x509certificate-schema continuing to pursue their work on an individual basis. In its current form, I would oppose publication as a non-Experimental RFC. As an Experimental RFC, I would ask that an IESG Note be added to the document clarifying that the document details an alternative to existing and future IETF standards which implementors should favor.
Kurt