X.509 certificate schema (Re: Syntax open issues)



I believe that further standardization of the X.509 certificate
schema for LDAPv3 is quite important.  In particular, the
X.509 certificate schema needs to get fixed.

The "core" specification also needs to consistently reference
X.500. It needs to reference a single edition, the 2nd.

We should avoid recycling the "core" specification at Proposed
if at all possible.  Fixing the certificate schema or including
material allowing references to multiple X.500 editions will
likely cause recycling.

For these reasons, I suggested removing the broken certificate
schema from the "core" specification and working with the PKIX
WG to include a fixed certificate schema in their LDAPv3 schema
document.  I have contacted the PKIX'ers and find they are
willing and able to do the necessary schema work as part
of their existing work.

As far as the problem you raise, this can be somewhat
mitigated by stating in the Changes section something like:

  - Certificate schema removed.  Updated certificate
    schema is specified in [insert reference].

Kurt