FW: new version of draft on additional x509 certificate schema fo r LDAP

Tyler Johnson trjohns1 at EMAIL.UNC.EDU
Thu Nov 7 11:19:35 EST 2002 

The goal of H.LDAP is to define LDAP representations of elements used by
  multimedia conferencing protocols. In particular, H.235 specifies the
use of X.509 certificates. We currently represent this attribute with
the syntax 1.3.6.1.4.1.1466.115.121.1.8. We are looking further at
whether the proposed changes will affect this. Further, we are
investigating whether h.235 requires the extended attributes defined here.

In general, only the attributes referenced in h.235 would be referrenced
in H.LDAP, so that will be the focus of our investigation, along with
new references that may be present in the upcoming h.235 version 3.

Tyler Johnson


Euchner Martin ICN M SR 3 wrote:
> The following ID (and some referenced LDAP schemata IDs inside) may be
> related to the work of directory services architecture.
>
> I should note that I've not deeply looked into the document yet, but perhaps
> the H.LDAP experts may want to share an opinion?
>
> With kind regards
>
>
> Martin Euchner.
> -----------------------------------------------------------------------
> | Dipl.-Inf.                     Rapporteur Q.G/SG16
> | Martin Euchner                 Phone: +49 89 722 55790
> | Siemens AG.....................Fax  : +49 89 722 62366
> | ICN M SR 3                     mailto:Martin.Euchner at icn.siemens.de
> |                                mailto:martin.euchner at ties.itu.int
> | Hofmannstr. 51                 Intranet:
> http://intranet.icn.siemens.de/marketing/cs27/topics/security/
> | D-81359 Muenchen               Internet: http://www.siemens.de/
> | __________________
> | Germany
> -----------------------------------------------------------------------
>
>  -----Original Message-----
> From:   Peter Gietz [mailto:Peter.Gietz at daasi.de]
> Sent:   Tuesday, November 05, 2002 2:12 PM
> To:     Ietf-Pkix
> Subject:        new version of draft on additional x509 certificate schema
> for LDAP
>
>
> Hello all,
>
> There is a new version of  "An LDAPv3 Schema for X.509 certificates",
> which I sent to the Internet Drafts Editor.
>
> You can find the document at
> http://www.directory.dfn.de/docs/draft-klasen-ldap-x509certificate-schema-01
> .txt
>
> The changes to version 00 are noted in Apendix C.
> You might remember my short presentation of the initial version at the
> pkix meeting at IETF 53.
>
> There are still some questions to handel:
>
> - Is it possible to get a short time-slot at thje Atlanta meeting for
> presenting the changes of this new version?
>
> - Can and should this draft be work of the pkix group and should the
> discussion about it be held on this list instead of in private email
>  communications?
> - The draft introduces new naming attributes that should be included
> into David's Draft "LDAPv3 DN strings for use with PKIs"
>   <draft-ietf-pkix-dnstrings-00.txt>. Besides x509issuer and
> x509serialNumber the allready widely used attribute emailaddress (email)
>   should be taken into account.
> - The draft does not yet address the problem that there are "LDAPish"
> implementations that are not able to support multi-valueelds RDNs
>  (e.g.  x509serialNumber=1234+x509issuer=<dn of a CA>).
>   Shall this be addressed by including a third name form with yet
> another naming attribute x509issuerSerial?
> - The draft does only describe fields described in RFC 3280. Should it
> also deal with Qualified certificates (RFC 3039)?
> - Should it also take into account things like userGroupName
> (draft-ietf-pkix-usergroup-01)
> - Should it also take into account things like Permanent Identifier
> (draft-ietf-pkix-pi-05.txt and draft-chadwick-pkix-pidn-00.txt)?
>
> I wanted to get some feedback on these questions before including
> respective language into the draft.
>
> Two more questions:
>
> - should revocation information be stored in a similiar fashion. And if
> so how: 1.) Metadata attributes for CRLs or 2.) revocation relevant
> attributes attached to the certificate entries.
> - should attribute certificates be stored in a similiar fashion?
>
>
> I would love to receive comments on all this from this group.
>
> Cheers,
>
> Peter
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For help on this mail list, send "HELP ITU-SG16" in a message to
listserv at lists.intel.com

More information about the sg16-avd mailing list