
Re: New LDAP Syntaxes Please



We cannot add new features to the "core" specification.
And I think WG consensus is that only the syntax detailed
in 2252bis would be listed in the table.

I note that 2252bis will need to note that X.509
schema was removed from the document.  This note
should contain a non-normative reference to the
document containing the updated schema.

Also, the IETF doesn't manage 1.3.6.1.4.1.1466.115.121.1
(IIRC, Mark Wahl does).  Of course, you can use any
properly assigned OID.  We probably should arrange for an
OID under the IETF directory OID (1.3.6.1.1) for this
document.

Kurt


At 03:59 AM 2001-09-06, David Chadwick wrote:
>Kathy
>
>For my work within the PKIX certificate matching ID, I need the
>following new OIDs allocating to LDAP syntaxes. Can you add them to the
>table in draft-ietf-ldapbis-syntaxes-00, along with their definitions
>where appropriate.
>
>Thanks
>
>David
>
>Value being represented           H-R   OBJECT IDENTIFIER
>=====================================================================
>CertificateExactAssertion          N      1.3.6.1.4.1.1466.115.121.1.x
>CertificateAssertion               N      1.3.6.1.4.1.1466.115.121.1.y
>CertificateListExactAssertion      N      1.3.6.1.4.1.1466.115.121.1.z
>certificateListAssertion           N      1.3.6.1.4.1.1466.115.121.1.w
>AttributeCertificate               N      1.3.6.1.4.1.1466.115.121.1.p
>AttributeCertificateExactAssertion N      1.3.6.1.4.1.1466.115.121.1.m
>AttributeCertificateAssertion      N      1.3.6.1.4.1.1466.115.121.1.n
>
>
>The first will be used for public key certificate exact matching, viz
>
>( 2.5.13.34 NAME 'certificateExactMatch'
>       SYNTAX 1.3.6.1.4.1.1466.115.121.1.x )
>
> The LDAP syntax definition is:
>
> ( 1.3.6.1.4.1.1466.115.121.1.x
>       DESC 'Public Key Certificate Serial Number and Issuer Name' )
>
>The second will be used for general certificate matching,
>
>( 2.5.13.35 NAME 'certificateMatch'
>       SYNTAX 1.3.6.1.4.1.1466.115.121.1.y )
>
>   The syntax definition is:
>
> ( 1.3.6.1.4.1.1466.115.121.1.y
>       DESC 'Public Key Certificate Assertion' )
>  
>
>The third is used for CRL exact matching, viz:
>
>( 2.5.13.38 NAME 'certificateListExactMatch'
>       SYNTAX 1.3.6.1.4.1.1466.115.121.1.z )
>
>
>   The syntax definition is:
>
>( 1.3.6.1.4.1.1466.115.121.1.z
>       DESC 'CRL Issuer name, time and distribution point name' )
>
>The fourth is used for CRL matching, viz:
>
>( 2.5.13.39 NAME 'certificateListMatch'
>       SYNTAX 1.3.6.1.4.1.1466.115.121.1.w )
>
>The syntax definition is:
>
> ( 1.3.6.1.4.1.1466.115.121.1.w DESC 'Certificate List Assertion' )
>
>The fifth will be used for the AttributeCertificate attribute
>definition.
>  
>    ( 2.5.4.58 NAME 'attributeCertificateAttribute' 
>      EQUALITY attributeCertificateExactMatch
>      SYNTAX 1.3.6.1.4.1.1466.115.121.1.p )
>
>(Note the name could be abbreviated to AC in the definition and for
>passing in the LDAP protocol, if AC has not already been used by
>anything else)
>
>The sixth will be used for AC exact matching.
>
>( 2.5.13.45 NAME 'attributeCertificateExactMatch'
>       SYNTAX 1.3.6.1.4.1.1466.115.121.1.m )
>
>   The syntax definition is:
>
>   ( 1.3.6.1.4.1.1466.115.121.1.m DESC 'Attribute certificate serial
>   number and public key issuer and serial number' )
>
>The seventh is used for general AC matching. The LDAP definition of the
>attributeCertificateMatch matching rule
>   is:
>
>   ( 2.5.13.42 NAME 'attributeCertificateMatch'
>       SYNTAX 1.3.6.1.4.1.1466.115.121.1.n )
>
>   The syntax definition is:
>
>   ( 1.3.6.1.4.1.1466.115.121.1.n
>       DESC 'Attribute Certificate Assertion' )
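
An added example, not part of either message: a Python cross-check over the definitions quoted above. It reports references that do not resolve to a definition in the message and lists the OIDs that still carry placeholder arcs. The function names and the one-per-line SCHEMA text are constructed for illustration, and the parser assumes single-valued keywords as used in these definitions.

```python
import re

# Constructed input: the quoted definitions, one per line, placeholder arcs kept.
A = "1.3.6.1.4.1.1466.115.121.1"
SCHEMA = f"""
( 2.5.13.34 NAME 'certificateExactMatch' SYNTAX {A}.x )
( {A}.x DESC 'Public Key Certificate Serial Number and Issuer Name' )
( 2.5.13.35 NAME 'certificateMatch' SYNTAX {A}.y )
( {A}.y DESC 'Public Key Certificate Assertion' )
( 2.5.13.38 NAME 'certificateListExactMatch' SYNTAX {A}.z )
( {A}.z DESC 'CRL Issuer name, time and distribution point name' )
( 2.5.13.39 NAME 'certificateListMatch' SYNTAX {A}.w )
( {A}.w DESC 'Certificate List Assertion' )
( 2.5.4.58 NAME 'attributeCertificateAttribute' EQUALITY attributeCertificateExactMatch SYNTAX {A}.p )
( 2.5.13.45 NAME 'attributeCertificateExactMatch' SYNTAX {A}.m )
( {A}.m DESC 'Attribute certificate serial number and public key issuer and serial number' )
( 2.5.13.42 NAME 'attributeCertificateMatch' SYNTAX {A}.n )
( {A}.n DESC 'Attribute Certificate Assertion' )
"""

def parse(text):
    """Split RFC 2252-style descriptions into dicts keyed by keyword, plus 'oid'."""
    defs, cur, key = [], {}, None
    for tok in re.findall(r"\(|\)|'[^']*'|[^\s()']+", text):
        if tok == "(":
            cur, key = {}, "oid"          # first token after "(" is the OID
        elif tok == ")":
            defs.append(cur)
        elif key:
            cur[key], key = tok.strip("'"), None
        else:
            key = tok                     # keyword; its value is the next token
    return defs

def audit(defs):
    """Return (name, problem, value) for references that do not resolve."""
    syntaxes = {d["oid"] for d in defs if "NAME" not in d}   # syntax descriptions
    out = []
    for d in (d for d in defs if "NAME" in d):               # rules and attributes
        if d.get("SYNTAX") not in syntaxes:
            out.append((d["NAME"], "no syntax description", d.get("SYNTAX")))
        if "EQUALITY" in d and d["EQUALITY"] not in {x.get("NAME") for x in defs}:
            out.append((d["NAME"], "unknown matching rule", d["EQUALITY"]))
    return out

def unassigned(defs):
    """OIDs whose arcs are not all numeric, i.e. still awaiting a real assignment."""
    oids = {v for d in defs for k, v in d.items() if k in ("oid", "SYNTAX")}
    return sorted(o for o in oids if not re.fullmatch(r"\d+(\.\d+)+", o))
```

On this input, `audit` flags only the `.p` syntax used by attributeCertificateAttribute, which appears in the table but has no syntax description in the message, and `unassigned` returns all seven placeholder OIDs.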