
[ldapext] Fwd: I-D ACTION:draft-zeilenga-ldap-x509-00.txt



At IETF#60, I stated that I would submit an I-D providing
LDAP schema descriptions for the certificate related
elements covered in RFC 2252/2256 but not covered in
LDAPBIS syntax/schema I-Ds, with matching rule corrections.
Though submitted later than I had hoped, this is that I-D.
This I-D assumes familiarity with X.509 and other normative
references.

In addition to these elements, this document provides
LDAP schema descriptions for the elements discussed in
RFC 2587, namely the X.509 pkiUser and pkiCA classes.
Additionally, a few additional X.509 certificate related
matching rules were included for completeness.

The introduction of these rules requires introduction of
new LDAP syntaxes for the assertion values.  With the
exception of one syntax, these LDAP syntaxes are GSER-based.
The exception, certificateExactAssertion, utilizes the
syntax suggested by RFC 3876.   In a subsequent revision
of the I-D, ABNF grammars for each of the GSER-based
formats will be provided for informational purposes.

As noted at IETF#60, the intent of this I-D is to provide
an RFC 2252/RFC 2256 compatible specification for these
X.500 schema elements.  Hence, unlike the latest revisions
of draft-ietf-pkix-ldap-pki, this I-D mandates the use of
the ;binary transfer option to request and transfer
certificate (and related) attribute values.

There are a few other differences between this I-D and
draft-ietf-pkix-ldap-pki.  For instance, this I-D doesn't
offer LDAP schema descriptions for 'cpCPS' and
'pkiCertPath' object classes and related attribute
types, matching rules, and syntaxes.

Lastly, I did not attempt to state an applicability
statement for use of LDAP in Public Key Infrastructures.
This, I believe, is better left to a separate I-D, possibly
titled "Internet X.509 Public Key Infrastructure Operational
Protocols - LDAPv3".   I intend to leave that to other
authors.

Comments welcomed.

Also, if there is available PKIX session time at IETF#61, I
would be happy to present proposal(s) to reconcile any
issues with this I-D.

Enjoy! Kurt

>To: i-d-announce@ietf.org
>From: Internet-Drafts@ietf.org
>Date: Wed, 20 Oct 2004 10:36:40 -0400
>Subject: I-D ACTION:draft-zeilenga-ldap-x509-00.txt
>Reply-To: internet-drafts@ietf.org
>
>A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>
>        Title           : LDAP X.509 Certificate Schema
>        Author(s)       : K. Zeilenga
>        Filename        : draft-zeilenga-ldap-x509-00.txt
>        Pages           : 16
>        Date            : 2004-10-19
>        
>This document describes schema for representing X.509 certificates,
>  X.521 security information, and related elements in directories
>  accessible using the Lightweight Directory Access Protocol (LDAP).
>  The LDAP definitions for these X.509 and X.521 schema elements
>  replace those provided in RFC 2252 and RFC 2256.
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-x509-00.txt
>
>To remove yourself from the I-D Announcement list, send a message to 
>i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.  
>You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
>to change your subscription settings.
>
>
>Internet-Drafts are also available by anonymous FTP. Login with the username
>"anonymous" and a password of your e-mail address. After logging in,
>type "cd internet-drafts" and then
>        "get draft-zeilenga-ldap-x509-00.txt".
>
>A list of Internet-Drafts directories can be found in
>http://www.ietf.org/shadow.html 
>or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
>
>Internet-Drafts can also be obtained by e-mail.
>
>Send a message to:
>        mailserv@ietf.org.
>In the body type:
>        "FILE /internet-drafts/draft-zeilenga-ldap-x509-00.txt".
>        
>NOTE:   The mail server at ietf.org can return the document in
>        MIME-encoded form by using the "mpack" utility.  To use this
>        feature, insert the command "ENCODING mime" before the "FILE"
>        command.  To decode the response(s), you will need "munpack" or
>        a MIME-compliant mail reader.  Different MIME-compliant mail readers
>        exhibit different behavior, especially when dealing with
>        "multipart" MIME messages (i.e. documents which have been split
>        up into multiple messages), so check your local documentation on
>        how to manipulate these messages.
>                
>                
>Below is the data which will enable a MIME compliant mail reader
>implementation to automatically retrieve the ASCII version of the
>Internet-Draft.
>Content-Type: text/plain
>Content-ID: <2004-10-20105033.I-D@ietf.org>
>
>ENCODING mime
>FILE /internet-drafts/draft-zeilenga-ldap-x509-00.txt
>
><ftp://ftp.ietf.org/internet-drafts/draft-zeilenga-ldap-x509-00.txt>
>_______________________________________________
>I-D-Announce mailing list
>I-D-Announce@ietf.org
>https://www1.ietf.org/mailman/listinfo/i-d-announce


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
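As an added illustration (not part of Kurt's message or of the I-D itself), here is a small standard-library Python check for the ;binary point above: it unfolds an LDIF entry, base64-decodes values carried with the ;binary option, verifies each certificate value is one complete DER SEQUENCE, and flags certificate-related attributes that were transferred without ;binary. The set of attribute types and the placeholder DER value are assumptions constructed for the example, not a real certificate.

```python
import base64
import re

# Assumption for this example: attribute types whose values the I-D
# says must be requested/transferred with the ;binary option.
BINARY_REQUIRED = {"usercertificate", "cacertificate", "crosscertificatepair",
                   "certificaterevocationlist", "authorityrevocationlist"}

def parse_ldif_entry(ldif: str) -> dict:
    """Unfold LDIF continuation lines; return {attribute-description: [raw bytes]}."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:      # folded continuation line
            lines[-1] += line[1:]
        elif line.strip():
            lines.append(line)
    entry = {}
    for line in lines:
        m = re.match(r"^([^:]+)(::?) ?(.*)$", line)
        if not m:
            continue
        desc, sep, value = m.groups()
        raw = base64.b64decode(value) if sep == "::" else value.encode()
        entry.setdefault(desc, []).append(raw)
    return entry

def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (the outer framing of a certificate)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                              # short-form length
        length, hdr = first, 2
    else:                                         # long-form length, 1-4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        length, hdr = int.from_bytes(data[2:2 + n], "big"), 2 + n
    return hdr + length == len(data)

def check_entry(entry: dict) -> list:
    """List problems: certificate attributes sent without ;binary, or non-DER values."""
    problems = []
    for desc, values in entry.items():
        attr, *options = desc.lower().split(";")
        if attr not in BINARY_REQUIRED:
            continue
        if "binary" not in options:
            problems.append(f"{desc}: certificate attribute transferred without ;binary")
        problems += [f"{desc}: value is not a complete DER SEQUENCE"
                     for v in values if not is_der_sequence(v)]
    return problems

# Constructed sample: a placeholder DER SEQUENCE stands in for a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_LDIF = ("dn: cn=Example User,dc=example,dc=com\nobjectClass: pkiUser\n"
               "userCertificate;binary:: " + base64.b64encode(SAMPLE_DER).decode() + "\n"
               "cACertificate: not-der-at-all\n")
```

Running `check_entry(parse_ldif_entry(SAMPLE_LDIF))` reports two problems, both on the cACertificate attribute that lacks ;binary and carries a non-DER value.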