
New text for X.501

Dear LDAPers

At the recent Geneva meeting of the X.500 group, Defect Report 303 was
discussed. This concerns the fact that a user cannot be guaranteed that
the information presented to an LDAP/X.500 server in an update operation is
subsequently returned unaltered in a Search operation. Due to this, in
the PKIX work we are adding text to the IDs specifically to say that for
X.509 certificates and CRLs the data must not be altered by the LDAP
server. The X.500 group is going to go one step further than this and
state that no attributes must be altered by the server and must be
returned exactly as presented, although a server may store a
canonicalised form for efficient matching if it so desires.

The defect report can only address the 1997 and 2001 versions of X.500,
since the 1993 version that LDAP is based on is no longer supported by

Here is the gist of the proposed text to fix the defect report.

Stored attribute values must be held as supplied. We propose to add text
to X.501 in clause 8.5 and in 8.8.1, where we will point out that
rationalizations to stored values for the purposes of matching do not
affect the stored value. We will also add text to clause 6.1 of X.520
stating that the rationalizations described in the matching rules are
ephemeral, for the purpose of the match only, and will not affect the
stored value.





David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Web site: http://sec.isi.salford.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
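
The behaviour described in the message above, as an added example that is not part of the original post or of any X.500/LDAP implementation: a toy entry keeps each value as supplied, uses a canonicalised key only for matching, and is compared with a lossy variant that returns the canonical form. The `Entry` class, the simplified `case_ignore` rule and all sample values are assumptions constructed for illustration.

```python
import hashlib

def case_ignore(value):
    # Simplified stand-in for a case-ignore matching rule (assumption):
    # trim, collapse runs of spaces, fold case.
    return " ".join(value.split()).casefold()

RULES = {"cn": case_ignore}   # attributes absent here match on the exact value

class Entry:
    """Toy entry. lossy=True models the defect: the canonical form replaces the value."""
    def __init__(self, lossy=False):
        self.lossy = lossy
        self.values = {}      # attr -> list of (stored value, match key)

    def _key(self, attr, value):
        return RULES.get(attr, lambda v: v)(value)

    def add(self, attr, value):
        key = self._key(attr, value)
        stored = key if self.lossy else value   # correct server keeps `value`
        self.values.setdefault(attr, []).append((stored, key))

    def matches(self, attr, asserted):
        # Normalisation is applied for the comparison only.
        key = self._key(attr, asserted)
        return any(k == key for _, k in self.values.get(attr, []))

    def read(self, attr):
        return [stored for stored, _ in self.values.get(attr, [])]

def round_trip(lossy):
    supplied_cn = "Example   User"                  # constructed sample value
    supplied_cert = b"\x30\x03\x02\x01\x05"         # constructed bytes, not a real certificate
    entry = Entry(lossy)
    entry.add("cn", supplied_cn)
    entry.add("userCertificate", supplied_cert)
    returned_cert = entry.read("userCertificate")[0]
    return {
        "match": entry.matches("cn", "example user"),
        "cn_unaltered": entry.read("cn") == [supplied_cn],
        # A signature over the value only verifies if the bytes come back identical.
        "cert_digest_same": hashlib.sha256(returned_cert).digest()
                            == hashlib.sha256(supplied_cert).digest(),
    }

if __name__ == "__main__":
    print("as supplied:", round_trip(lossy=False))
    print("lossy:      ", round_trip(lossy=True))
```

A client can apply the same digest comparison to a certificate or CRL it has just written to check that the server returns it unaltered.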
