FW: new version of draft on additional x509 certificate schema for LDAP
The following ID (and some referenced LDAP schemata IDs inside) may be related to the work of directory services architecture.
I should note that I've not deeply looked into the document yet, but perhaps the H.LDAP experts may want to share an opinion?
With kind regards
Martin Euchner.
-----------------------------------------------------------------------
| Dipl.-Inf.             Rapporteur Q.G/SG16
| Martin Euchner         Phone: +49 89 722 55790
| Siemens AG             Fax:   +49 89 722 62366
| ICN M SR 3             mailto:Martin.Euchner@icn.siemens.de
|                        mailto:martin.euchner@ties.itu.int
| Hofmannstr. 51         Intranet: http://intranet.icn.siemens.de/marketing/cs27/topics/security/
| D-81359 Muenchen       Internet: http://www.siemens.de/
| Germany
-----------------------------------------------------------------------
-----Original Message-----
From: Peter Gietz [mailto:Peter.Gietz@daasi.de]
Sent: Tuesday, November 05, 2002 2:12 PM
To: Ietf-Pkix
Subject: new version of draft on additional x509 certificate schema for LDAP
Hello all,
There is a new version of "An LDAPv3 Schema for X.509 certificates", which I sent to the Internet Drafts Editor.
You can find the document at http://www.directory.dfn.de/docs/draft-klasen-ldap-x509certificate-schema-01.txt
The changes to version 00 are noted in Appendix C. You might remember my short presentation of the initial version at the pkix meeting at IETF 53.
There are still some questions to handle:
- Is it possible to get a short time-slot at the Atlanta meeting for presenting the changes of this new version?
- Can and should this draft be work of the pkix group, and should the discussion about it be held on this list instead of in private email communications?
- The draft introduces new naming attributes that should be included into David's Draft "LDAPv3 DN strings for use with PKIs" <draft-ietf-pkix-dnstrings-00.txt>. Besides x509issuer and x509serialNumber, the already widely used attribute emailaddress (email) should be taken into account.
- The draft does not yet address the problem that there are "LDAPish" implementations that are not able to support multi-valued RDNs (e.g. x509serialNumber=1234+x509issuer=<dn of a CA>). Shall this be addressed by including a third name form with yet another naming attribute x509issuerSerial?
- The draft does only describe fields described in RFC 3280. Should it also deal with Qualified certificates (RFC 3039)?
- Should it also take into account things like userGroupName (draft-ietf-pkix-usergroup-01)?
- Should it also take into account things like Permanent Identifier (draft-ietf-pkix-pi-05.txt and draft-chadwick-pkix-pidn-00.txt)?
I wanted to get some feedback on these questions before including respective language into the draft.
Two more questions:
- Should revocation information be stored in a similar fashion? And if so, how: 1.) metadata attributes for CRLs, or 2.) revocation-relevant attributes attached to the certificate entries?
- Should attribute certificates be stored in a similar fashion?
I would love to receive comments on all this from this group.
Cheers,
Peter
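The multi-valued RDN question from Peter's list, as an added example that is not part of the draft or of any message in this thread: it composes the x509serialNumber+x509issuer RDN with RFC 4514 value escaping, composes the single-attribute x509issuerSerial alternative (the value layout "serial;issuerDN" is my assumption, not the draft's), and splits an RDN back on unescaped '+' only, which is exactly the step an implementation without multi-valued RDN support cannot perform.

```python
# Added example (not from the draft or the e-mails): builds and parses the two
# naming forms under discussion. Attribute names come from the message; the
# value layout of the single-attribute x509issuerSerial form is an assumption.

# Characters that need a backslash inside a DN attribute value (RFC 4514).
SPECIAL = set('"+,;<>\\')


def escape_value(value: str) -> str:
    """Escape one attribute value for use inside a DN/RDN string."""
    out = []
    for i, ch in enumerate(value):
        lead = i == 0 and ch in ' #'               # leading space or '#'
        trail = i == len(value) - 1 and ch == ' '  # trailing space
        out.append('\\' + ch if ch in SPECIAL or lead or trail else ch)
    return ''.join(out)


def unescape_value(raw: str) -> str:
    # Reverse of escape_value: handles '\c' escapes only, not '\XX' hex pairs.
    out, i = [], 0
    while i < len(raw):
        if raw[i] == '\\' and i + 1 < len(raw):
            out.append(raw[i + 1]); i += 2
        else:
            out.append(raw[i]); i += 1
    return ''.join(out)


def multi_valued_rdn(serial: int, issuer_dn: str) -> str:
    """Name form from the draft: two AVAs joined by '+' in one RDN."""
    return f"x509serialNumber={serial}+x509issuer={escape_value(issuer_dn)}"


def issuer_serial_rdn(serial: int, issuer_dn: str) -> str:
    """Single-attribute alternative for servers without multi-valued RDNs
    (value layout 'serial;issuerDN' is assumed, not taken from the draft)."""
    return f"x509issuerSerial={escape_value(f'{serial};{issuer_dn}')}"


def split_rdn(rdn: str) -> dict:
    """Parse an RDN into {attribute: value}, splitting only on unescaped '+'."""
    avas, cur, i = [], [], 0
    while i < len(rdn):
        if rdn[i] == '\\' and i + 1 < len(rdn):   # keep escape pairs intact
            cur.append(rdn[i:i + 2]); i += 2; continue
        if rdn[i] == '+':
            avas.append(''.join(cur)); cur = []
        else:
            cur.append(rdn[i])
        i += 1
    avas.append(''.join(cur))
    return {a: unescape_value(v) for a, _, v in (ava.partition('=') for ava in avas)}
```

The issuer DN itself contains commas (and may contain '+'), so a server or client that splits the RDN on raw '+' or ',' without honouring the escapes will mis-parse the entry name.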
The goal of H.LDAP is to define LDAP representations of elements used by multimedia conferencing protocols. In particular, H.235 specifies the use of X.509 certificates. We currently represent this attribute with the syntax 1.3.6.1.4.1.1466.115.121.1.8. We are looking further at whether the proposed changes will affect this. Further, we are investigating whether h.235 requires the extended attributes defined here.
In general, only the attributes referenced in h.235 would be referenced in H.LDAP, so that will be the focus of our investigation, along with new references that may be present in the upcoming h.235 version 3.
Tyler Johnson
Euchner Martin ICN M SR 3 wrote:
The following ID (and some referenced LDAP schemata IDs inside) may be related to the work of directory services architecture.
I should note that I've not deeply looked into the document yet, but perhaps the H.LDAP experts may want to share an opinion?
With kind regards
Martin Euchner.