Re: FW: ldapv2-schema and CA Certificates

[Russ Housley <housley@xxxxxxxxxx>]

Sharon:

PKIX is the Internet PKI using X.509, so certainly alignment with the X.509
document is important.

Your note leads me to believe that this issue is not fully resolved in the
ISO/ITU-T fora.  Therefore, the IETF PKIX WG should determine the best
technical solution for the Internet community and try to influence the
X.509 document.

If the defect report resolution is not final, then the IETF PKIX WG should
not progress the schema document until we are confident that the X.509
document and the PKIX document are in alignment.

Russ


>From:	Sharon Boeyen <sharon.boeyen@entrust.com>
>Sent:	Wednesday, August 12, 1998 12:55 PM
>To:	            'ietf-pkix@imc.org'; 'Larry Layten'
>Subject:	RE: ldapv2-schema and CA Certificates
>
>Larry, 
>
>While I certainly appreciate that many dollars and hours have been spent on
>the US DOD 
>effort and on standards compliance, may I respectfully add that many other
>organizations
>around the globe have spent signficant dollars and resources defining PKI
>architectures, driving
>standards and conforming to them as well. 
>
>As just one additional example, the Government of Canada  PKI which is
>currently being deployed conforms to X.509 including the resolution of this
>particular defect. Certificates issued to to CAs by CAs within the
>Government of Canada PKI are placed in the crossCertificatePairs attribute. 
>
>As a participant in the X.509 standard effort since 1987, and as current
>editor of the ongoing X.509 project, I am very appreciative of the efforts
>put forward by all organizations in evolving X.509. I also believe that we
>should leave it up to the X.509 group to determine whether the resolution of
>the defect report is in line with their own intent and not attempt to second
>guess them here. Let me also assure you that both the technical and what you
>call the "political" aspects of the issue were discussed in resolution of
>the defect by the X.509 group.
>
>Sharon