[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-pkix
Subject:    RE: draft-ietf-pkix-3281update-01.txt
From:       Russ Housley <housley () vigilsec ! com>
Date:       2008-10-28 14:34:54
Message-ID: 200810281438.m9SEbtpj071250 () balder-227 ! proper ! com
[Download RAW message or body]


<html>
<body>
I agree.&nbsp; However, I'd like to find out what document (or early
draft of a document) the existing OID was taken from.&nbsp; Basically, we
need to provide implementor guidance about both OIDs.<br><br>
Russ<br><br>
At 06:59 PM 10/27/2008, BRUMBY, Ian wrote:<br>
<blockquote type=cite class=cite cite=""><font size=2 color="#000080">
Since the over-the-wire encoding has been changed to be compatible with
X.501, and incompatible with RFC 3281, shouldn’t the OID of the attribute
be changed to match X.501?<br>
&nbsp;<br>
&nbsp;<br>
<hr>
<div align="center"></font></div>
<font face="Tahoma" size=2><b>From:</b> owner-ietf-pkix@mail.imc.org
[<a href="mailto:owner-ietf-pkix@mail.imc.org" eudora="autourl">
mailto:owner-ietf-pkix@mail.imc.org</a>] <b>On Behalf Of </b>Russ
Housley<br>
<b>Sent:</b> Tuesday, 28 October 2008 12:13 AM<br>
<b>To:</b> BRUMBY, Ian; ietf-pkix@imc.org<br>
<b>Subject:</b> RE: Rationales for CA clearance constraints<br>
</font><font face="Times New Roman, Times">&nbsp;<br>
This fact has been reported in an RFC Errata:<br><br>
Note that clearance was NOT defined in X.501(1993), but X.500(1997).
However, X.501(2005) may be the best reference for clearance.<br><br>
<br>
At 08:13 PM 10/26/2008, BRUMBY, Ian wrote:<br><br>
</font><font face="Times New Roman, Times" size=2 color="#000080">The
Clearance attribute is defined in the current X.501 (2001 and v6 draft)
with an OID of 2.5.4.55. RFC 3281 (as referenced by
draft-turner-caclearanceconstraints-01.txt) defines it as 2.5.1.5.55. It
refers to X.501-1993 as the source of this definition. I’ve dug up the
1993 standard and can’t find any reference to Clearance. If Clearance
Constraints are implemented, maybe it should be clarified if it
constrains X.501 (2003) Clearance attributes, if they are present in the
certificate, or specifically doesn’t constrain them.</font> <br><br>
<pre>&quot;Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.&nbsp; If you have received this
email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.&nbsp; It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer.&quot;

</pre><font face="Courier New, Courier"></font></blockquote></body>
</html>

[prev in list] [next in list] [prev in thread] [next in thread]