[x500standard] Re: SV: Re: SV: Re: SV: Re: New defect report on missing organisation information

  • From: David Chadwick <d.w.chadwick@xxxxxxxxxx>
  • To: x500standard@xxxxxxxxxxxxx
  • Date: Sun, 01 Apr 2012 13:34:52 +0100

Hi Erik
because we do not have a functioning attribute registry, then you have chosen the defect report as a workaround. An attribute registry, along the lines of the various registries run by IANA, would have been a valuable service for X.500 to have given the world two decades ago. But I dont see it happening anytime soon, so I support your defect report route as a way of getting an internationally recognised and supported attribute into the standard. Each country is entitled to vote on this, and if there is sufficient support then the new attribute will be added to the standard. If most countries reject the defect report then you will know that the attribute does not have sufficient support internationally 

regards

David


On 31/03/2012 12:14, Erik Andersen wrote:

Hi Sharon,

Nice to have you back. I have been missing your for a long time.

We do not have a clear issue here. It is true that if you have control
of an OID branch, you can define your own attribute types. This one of
the great feature of the OID concept. However, it is also at times
causes a disarray. As an example, LDAP has the concept of controls where
a control is assigned an OID. This has caused a large number of controls
to  be defined in very diverted parts of the OID tree, which makes it
difficult to get a total picture about what useful controls that are
available. Often they are allocated from company branches, companies
that may not exist tomorrow.

You could  say the same about certificate extension. An uncontrolled
development of extension is against the spirit of standardisation and
causes interworking problems.

If an organisation needs an attribute type that is very specific to the
organisation, it is reasonable that they use some odd OID. However, if
we talk about an attribute type that is general useful, it is not very
productive if everyone defines their own version of that attribute type
with different OIDs. I believe this is the case here.

We do not have good procedures for handling this case. A four years
cycle is not the optimal solution. We have to be a little flexible here.
By putting it up as a defect report people have the opportunity to
discuss whether a suggested attribute type is in fact general useable or
whether it is specific to a particular organisation.

Kind regards,

Erik

*Fra:*x500standard-bounce@xxxxxxxxxxxxx
[mailto:x500standard-bounce@xxxxxxxxxxxxx] *På vegne af *Sharon Boeyen
*Sendt:* 30. marts 2012 18:59
*Til:* x500standard@xxxxxxxxxxxxx
*Emne:* [x500standard] Re: SV: Re: SV: Re: New defect report on missing
organisation information

Erik I agree with Denis that this is an enhancement and not a defect.
The standard allows other attributes to be defined by any entity. The
fact that in SOME environments an additional attribute would be helpful
does not make this a defect in the standard, but rather a potential
enhancement.

*From:*x500standard-bounce@xxxxxxxxxxxxx
<mailto:x500standard-bounce@xxxxxxxxxxxxx>
[mailto:x500standard-bounce@xxxxxxxxxxxxx] *On Behalf Of *Erik Andersen
*Sent:* Friday, March 30, 2012 12:07 PM
*To:* x500standard@xxxxxxxxxxxxx <mailto:x500standard@xxxxxxxxxxxxx>
*Subject:* [x500standard] SV: Re: SV: Re: New defect report on missing
organisation information

HI Denis,

I will give it a shot.

Erik

*Fra:*x500standard-bounce@xxxxxxxxxxxxx
<mailto:x500standard-bounce@xxxxxxxxxxxxx>
[mailto:x500standard-bounce@xxxxxxxxxxxxx]
<mailto:[mailto:x500standard-bounce@xxxxxxxxxxxxx]> *På vegne af
*denis.pinkas@xxxxxxxx <mailto:denis.pinkas@xxxxxxxx>
*Sendt:* 30. marts 2012 18:01
*Til:* x500standard@xxxxxxxxxxxxx <mailto:x500standard@xxxxxxxxxxxxx>
*Emne:* [x500standard] Re: SV: Re: New defect report on missing
organisation information

Erik,

You speak of VAT-number while others were speaking of something else.
I have the feeling that we have a solution but that we don't know what
the problem is
or that we don't agree that we share the same problem.

We should start by a problem statement, which currently is far from
crystal clear.

Proposing an ASN.1 syntax without the explanations is not the solution
either.

The defect report is currently not correctly presented and would need to
be fully rewritten.

Denis




De : "Erik Andersen" <era@xxxxxxx <mailto:era@xxxxxxx>>
A : <x500standard@xxxxxxxxxxxxx <mailto:x500standard@xxxxxxxxxxxxx>>
Date : 30/03/2012 17:51
Objet : [x500standard] SV: Re: New defect report on missing organisation
information
Envoyé par : x500standard-bounce@xxxxxxxxxxxxx
<mailto:x500standard-bounce@xxxxxxxxxxxxx>

------------------------------------------------------------------------




Hi Denis,

Thanks for making the effort to read the defect report and for the
correction. I am not used to that.

There is no clear border line between a defect report and an
enhancement. Added a single attribute type has no affect on the
remaining of the specification and is therefore quite safe. I did not
invent the requirement for the new attribute type, but recognised that
we have been missing such an attribute type for a long time to enter
e.g. a VAT-number. The lack of such a capability could be labelled as an
omission, which is one of the things that can justify a defect report.

The seventh edition of X.520 is at its final stage where it is not
possible to add such an attribute as part of the extension process, and
if we tried, we would sneak it in. Now, we do it more openly. Waiting
for a possible eight edition of X.520 would delay the solution by four
years.

The proposed solution will eventually end up in a Draft Technical
Corrigendum, that will go out for vote within both ISO and ITU-T.

Erik


*Fra:*x500standard-bounce@xxxxxxxxxxxxx
<mailto:x500standard-bounce@xxxxxxxxxxxxx>
[mailto:x500standard-bounce@xxxxxxxxxxxxx] *På vegne af
*denis.pinkas@xxxxxxxx <mailto:denis.pinkas@xxxxxxxx>*
Sendt:* 30. marts 2012 17:00*
Til:* x500standard@xxxxxxxxxxxxx <mailto:x500standard@xxxxxxxxxxxxx>*
Cc:* Directory list*
Emne:* [x500standard] Re: New defect report on missing organisation
information

Hummm !

The "defect" is presented this way:

The organizationName is not always enough to identify a organisation. At
times an additional information necessary, like some kind of identifier
issued by the authorities.




First of all, the sentence is not English. At the minimum a verb is
missing in the second sentence.

But more important, I disagree that it is a "defect report". It looks
like an enhancement.

Then, the "pseudo defect" is not correctly characterized.

So if the question is not correctly stated, how could any solution be
appropriate ?

Denis




De : "Erik Andersen" <era@xxxxxxx <mailto:era@xxxxxxx>>
A : "Directory list" <x500standard@xxxxxxxxxxxxx
<mailto:x500standard@xxxxxxxxxxxxx>>
Date : 30/03/2012 14:41
Objet : [x500standard] New defect report on missing organisation
information
Envoyé par : x500standard-bounce@xxxxxxxxxxxxx
<mailto:x500standard-bounce@xxxxxxxxxxxxx>

------------------------------------------------------------------------





I have issued a new defect report 381. See
http://www.x500standard.com/index.php?n=Ig.DefectReports

Any comments?

Erik



--

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
-----
www.x500standard.com: The central source for information on the X.500 Directory 
Standard.

Other related posts:

  1. Home
  2. x500standard
  3. Archive
  4. 04-2012