Re: [wpkops] Fwd: [T17Q11] Attribute certificate path

[Stephen Farrell]

Hi Erik,

On 09/23/2013 08:50 AM, Erik Andersen wrote:
 Hi Folks,
 
 How did that talk about changing the ASN.1 come into the discussion? There
 is no plan what so ever to change old ASN.1 in the edition we are about to
 publish. I just noticed that the English text talks about certificate path
 instead of certification path, which is the term normally used. I just
 proposed to adjust the English text to be accordance with the ASN.1 and in
 according with the text in other part of X.509. How such a simple question
 could result in such confused discussion is beyond my imagination.

I guess that's because we've been here before with ASN.1 modules;-)
I don't recall if that was an x.509/IETF screw-up or a purely IETF
one, but I think we have had cases where editorial changes to
ASN.1 modules were proposed that would have broken stuff. And of
course, it wasn't clear at that point that you're only planning
on making editorial changes for now.

S.

 
 Kind regards,
 
 Erik
 
 -Oprindelig meddelelse-
 Fra: Sean Turner [mailto:turn...@ieca.com] 
 Sendt: 22. september 2013 18:32
 Til: t...@yaanatech.com
 Cc: wpkops@ietf.org; Erik Andersen
 Emne: Re: [wpkops] Fwd: [T17Q11] Attribute certificate path
 
 That ASN.1 has been in X.509 since what 1997.  I wouldn't change it even if
 somebody did ask because it's been in there for so long and it doesn't
 seemed to have cause any interoperability issues.  I could see adding some
 text that explains it's incorrectly named but because it's been in there for
 so long that erring on the side of caution and not changing it seems the
 prudent thing to do.
 
 spt
 
 On 9/21/13 8:42 AM, Tony Rutkowski wrote:
 does anyone have any druthers here for Erik who is trying to update 
 the old
 X.509 spec?

 --tony


  Original Message 
 Subject: [T17Q11] Attribute certificate path
 Date:Sat, 21 Sep 2013 14:10:20 +0200
 From:Erik Andersen e...@x500.eu
 To:  t13sg17...@lists.itu.int



 Hi Folks,

 I noticed that 12.2 of X.509 talks about attribute certificate path.
 However, the associated ASN.1 is a data type is called 
 AttributeCertificationPath. As we for public-key certificates talk 
 about certification path, it seems reasonable to use the term 
 attribute certification path rather that attribute certificate path.

 I also noticed that the ASN.1 indicates that the path is bottom up 
 rather top down:

 AttributeCertificationPath ::= SEQUENCE {

attributeCertificate  AttributeCertificate,

acPathSEQUENCE OF ACPathData OPTIONAL,

... }

 Please come back with comments.

 Erik





 ___
 wpkops mailing list
 wpkops@ietf.org
 https://www.ietf.org/mailman/listinfo/wpkops

 
 ___
 wpkops mailing list
 wpkops@ietf.org
 https://www.ietf.org/mailman/listinfo/wpkops
 
___
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops

Re: [wpkops] X.509 versions and proposed changes

[Stephen Farrell]

On 09/23/2013 06:22 AM, Tony Rutkowski wrote:
 Hi Steve,
 
 It is helpful to have the complete
 current set of X.509 materials.
 These consist of the 2012 and
 2006 versions, the defect report,
 and the current draft proposed
 changes to the 2012 version.
 
 --tony

The 2012 version doesn't have any mention of a trust broker
but one of the word documents appears to be adding that to
x.509.

Two comments:-

1) that doesn't strike me as editorial, even if there's
no change to an ASN.1 module.

2) I don't think adding that to x.509 without getting a lot
more input from people who develop PKI code is a good plan
at all. I'm not aware that such input has been sought or
given. But I doubt it'll have any impact if that is added
other than to make it less likely folks will make use of
the x.509 document.

So fwiw, count this as a please don't, but I don't really
care if you do comment from me. (And note me == Stephen,
not the IETF - if some kind of liaison about this is
helpful to SG17, we can ask to see what the IETF think
about it.)

S.

___
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops