
LDAPv3 X.509 references (Was: Refering to X.500 editions)



I agree that the LDAPv3 "core" TS should reference only a single
edition of X.500.  I also agree that the appropriate edition
to reference is X.500(93) as changing to X.500(97) or X.500(01)
would introduce numerous new features (such as "alternative"
DNs) which LDAPv3 just doesn't support.

I would like to see the LDAPv3 "core" TS only reference
X.500(93) as only this will remove the inherent ambiguity of
referencing multiple revisions of the Recommendations.

The references to X.500(96,97,98) only appear due to the
desire to support the latest X.509 certificate schema.  As has been
noted on this list and elsewhere, there are significant issues
related to X.509 certificate schema in LDAPv3.

I believe these issues can be best addressed by splitting
X.509 certificate schema into a separate document.  This
document would be rather straightforward to write and
would not only allow the X.509 schema issues to be
addressed in a timely manner but would also allow LDAPbis
to produce a clearer Draft Standard.

Hence, I suggest we axe the X.509 certificate schema from
the LDAPv3 TS I-Ds and work with PKIX, who are already working
on X.509 PKI schema for LDAPv3, to see if they would be willing
to include the base X.509 certificate schema in
<draft-ietf-pkix-ldap-schema-01.txt>.

Kurt



At 11:32 AM 4/19/01, Kathy Dally wrote:
>Hi All!
>
>In RFC 2256 the X.500 reference is to 1996.  Unfortunately, this is not
>an official date (see below).  Since 1997 is closer to 1996 than 1993,
>the draft replacement for RFC 2256
>(<draft-ietf-ldapbis-user-schema-00.txt>) refers to X.500 (1997).  In
>fact, RFC 2256 includes some attributes that were introduced in X.520
>(1997).  However, other LDAPv3 core RFCs refer to X.500 (1993).
>
>In order to align the replacement RFCs, I propose to cite X.500 (1993)
>in the title and references of <draft-ietf-ldapbis-user-schema-01.txt>. 
>In addition, X.520 (1997) should be a separate reference in the I-D, to
>be referred to when describing the new attributes.
>
>Does this make sense?  Please let me know.
>
>Below is material about the different X.500 editions and their ISO/IEC
>9594 twins.  Credit is given to Hoyt Kesterson, ISO/IEC 9594 Editor, for
>most of the information.  I hope this will be useful to the WG.
>
>Thanks,
>Kathy Dally
>
>----------------
>
>Although the X.500 Recommendations and ISO/IEC 9594 were aligned in the
>first edition and identical ever since, the official dates on the
>standards are different:
> 
>        *  X.500 Recs (ITU) date is the date of approval.
>
>        *  ISO/IEC 9594 date is the date of publication.
>
>Since a considerable amount of preparation is done between approval and
>publication, the dates of the two standards have been different:
>
>        *  first edition:  X.500 (1988) and ISO/IEC 9594:1990
>
>        *  second edition:  X.500 (1993) and ISO/IEC 9594:1995
>
>        *  third edition:  X.500 (1997) and ISO/IEC 9594:1998
>
>        *  fourth edition, currently being published:  X.500 (2001) and
>           ISO/IEC 9594:2001, except for X.509 (2000) and ISO/IEC
>           9594-8:2000
>
>Note that ISO/IEC also uses "edition" to mean the "issue number" of the
>part of 9594.  This is the meaning of "Edition" on the face of ISO/IEC
>9594 parts.  The key is the DATE.
>
>The first edition (overall) includes these recommendations and standard
>parts:
>        
>        *  X.500 - ISO/IEC 9594-1
>
>        *  X.501 - ISO/IEC 9594-2
>
>        *  X.509 - ISO/IEC 9594-8
>
>        *  X.511 - ISO/IEC 9594-3
>
>        *  X.518 - ISO/IEC 9594-4
>
>        *  X.519 - ISO/IEC 9594-5
>
>        *  X.520 - ISO/IEC 9594-6
>
>        *  X.521 - ISO/IEC 9594-7
>
>The second edition added X.525 - ISO/IEC 9594-9:1995, 1st ed.
>
>The third edition added X.530 - ISO/IEC 9594-10:1998, 1st ed.
>
>The fourth edition does not have any additional recommendations or
>parts.