RE: FW: ldapv2-schema and CA Certificates
Absolutely correct. I hope I've not given anyone the impression that I would
be happy with divergent standards because that is certainly not the case.
The text produced at the X.509 meeting in January is supposed to be issued
for ISO ballot. IETF, as a liaison organization, is able to submit formal
comments (I believe) in response to that ballot and certainly those of us
who participate in both forums can carry the position informally as well.
I am trying to contribute technically to the PKIX position and am proposing
schema which I believe is able to support the needs expressed for
optimization based on internal certificates as well as optimization based on
any other criteria which can be matched in the certificates themselves,
without requiring any client systems in either environment to ever have to
match on two attributes or make two calls to the same directory entry. I
believe that the extensible match capability in search operations satisfies
both while penalizing neither from the standpoint of functionality.
> ----------
> From: Russ Housley[SMTP:housley@spyrus.com]
> Sent: August 13, 1998 7:03 PM
> To: sharon.boeyen@entrust.com
> Cc: kpcm@postoffice.xservices.com; ietf-pkix@imc.org; yee@spyrus.com
> Subject: Re: FW: ldapv2-schema and CA Certificates
>
> Sharon:
>
> PKIX is the Internet PKI using X.509, so certainly alignment with the
> X.509 document is important.
>
> Your note leads me to believe that this issue is not fully resolved in the
> ISO/ITU-T fora. Therefore, the IETF PKIX WG should determine the best
> technical solution for the Internet community and try to influence the
> X.509 document.
>
> If the defect report resolution is not final, then the IETF PKIX WG should
> not progress the schema document until we are confident that the X.509
> document and the PKIX document are in alignment.
>
> Russ
>
>
> >From: Sharon Boeyen <sharon.boeyen@entrust.com>
> >Sent: Wednesday, August 12, 1998 12:55 PM
> >To: 'ietf-pkix@imc.org'; 'Larry Layten'
> >Subject: RE: ldapv2-schema and CA Certificates
> >
> >Larry,
> >
> >While I certainly appreciate that many dollars and hours have been spent
> >on the US DOD effort and on standards compliance, may I respectfully add
> >that many other organizations around the globe have spent significant
> >dollars and resources defining PKI architectures, driving standards and
> >conforming to them as well.
> >
> >As just one additional example, the Government of Canada PKI which is
> >currently being deployed conforms to X.509 including the resolution of
> >this particular defect. Certificates issued to CAs by CAs within the
> >Government of Canada PKI are placed in the crossCertificatePairs
> >attribute.
> >
> >As a participant in the X.509 standard effort since 1987, and as current
> >editor of the ongoing X.509 project, I am very appreciative of the
> >efforts put forward by all organizations in evolving X.509. I also
> >believe that we should leave it up to the X.509 group to determine
> >whether the resolution of the defect report is in line with their own
> >intent and not attempt to second guess them here. Let me also assure you
> >that both the technical and what you call the "political" aspects of the
> >issue were discussed in resolution of the defect by the X.509 group.
> >
> >Sharon
>