[x500standard] Re: SV: Re: SV: Re: SV: Re: New defect report on missing organisation information

  • From: Sharon Boeyen <sharon.boeyen@xxxxxxxxxxx>
  • To: "x500standard@xxxxxxxxxxxxx" <x500standard@xxxxxxxxxxxxx>
  • Date: Mon, 2 Apr 2012 14:15:57 -0400

Actually I disagree about the 'uncontrolled' development of attributes or 
extensions being against the spirit of standardization. Both the original set 
of directory attributes (and object classes) as well as the initial set of 
X.509 certificate extensions were created in order to provide a commonly 
applicable base set from which others would then extend as they saw fit to suit 
their particular needs. These were never intended to be "the set" of standard 
attributes, object classes or extensions. This was a point that Hoyt, in 
particular, used to hammer home on many occasions and strongly resisted any 
change to the set in order to discourage people from thinking this was the 
single set of standard attributes.

However, that's not a valid argument against what you're attempting to do here. 
I'm not saying it wouldn't necessarily be a useful and commonly used attribute 
(although I do wonder whether there aren't already groups using some other 
attributes to satisfy similar needs).

All I'm saying is that this is not a defect and the proper way to progress this 
work (as well as any other schema enhancements people feel might be needed) 
would be through the enhancement mechanism. The defect process really should be 
used only for true defects. Time is not the gating factor for whether something 
should be considered a defect. If industry is waiting with bated breath for 
this attribute with an OID from the ITU/ISO arc, they'll start using it as soon 
as an initial draft document is published (probably) regardless of the 
standards process used to progress the work.

Anyway that's just my opinion and I won't bother pushing my view further - just 
needed to voice it :)

b.t.w. I never went away - just went quiet :)


From: x500standard-bounce@xxxxxxxxxxxxx 
[mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of Erik Andersen
Sent: Saturday, March 31, 2012 7:15 AM
To: x500standard@xxxxxxxxxxxxx
Subject: [x500standard] SV: Re: SV: Re: SV: Re: New defect report on missing 
organisation information

Hi Sharon,

Nice to have you back. I have been missing you for a long time.

We do not have a clear issue here. It is true that if you have control of an 
OID branch, you can define your own attribute types. This is one of the great 
features of the OID concept. However, it also at times causes disarray. As 
an example, LDAP has the concept of controls where a control is assigned an 
OID. This has caused a large number of controls to be defined in very diverted 
parts of the OID tree, which makes it difficult to get a total picture of 
what useful controls are available. Often they are allocated from company 
branches, companies that may not exist tomorrow.

You could say the same about certificate extensions. An uncontrolled 
development of extensions is against the spirit of standardisation and causes 
interworking problems.

If an organisation needs an attribute type that is very specific to the 
organisation, it is reasonable that they use some odd OID. However, if we talk 
about an attribute type that is generally useful, it is not very productive if 
everyone defines their own version of that attribute type with different OIDs. 
I believe this is the case here.

We do not have good procedures for handling this case. A four-year cycle is 
not the optimal solution. We have to be a little flexible here. By putting it 
up as a defect report people have the opportunity to discuss whether a 
suggested attribute type is in fact generally usable or whether it is specific 
to a particular organisation.

Kind regards,

Erik

From: x500standard-bounce@xxxxxxxxxxxxx 
[mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of Sharon Boeyen
Sent: 30 March 2012 18:59
To: x500standard@xxxxxxxxxxxxx
Subject: [x500standard] Re: SV: Re: SV: Re: New defect report on missing 
organisation information

Erik, I agree with Denis that this is an enhancement and not a defect. The 
standard allows other attributes to be defined by any entity. The fact that in 
SOME environments an additional attribute would be helpful does not make this a 
defect in the standard, but rather a potential enhancement.

From: x500standard-bounce@xxxxxxxxxxxxx 
[mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of Erik Andersen
Sent: Friday, March 30, 2012 12:07 PM
To: x500standard@xxxxxxxxxxxxx
Subject: [x500standard] SV: Re: SV: Re: New defect report on missing 
organisation information

Hi Denis,

I will give it a shot.

Erik

From: x500standard-bounce@xxxxxxxxxxxxx 
[mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of denis.pinkas@xxxxxxxx
Sent: 30 March 2012 18:01
To: x500standard@xxxxxxxxxxxxx
Subject: [x500standard] Re: SV: Re: New defect report on missing organisation 
information

Erik,

You speak of VAT-number while others were speaking of something else.
I have the feeling that we have a solution but that we don't know what the 
problem is
or that we don't agree that we share the same problem.

We should start by a problem statement, which currently is far from crystal 
clear.

Proposing an ASN.1 syntax without the explanations is not the solution either.

The defect report is currently not correctly presented and would need to be 
fully rewritten.

Denis




From: "Erik Andersen" <era@xxxxxxx>
To: <x500standard@xxxxxxxxxxxxx>
Date: 30/03/2012 17:51
Subject: [x500standard] SV: Re: New defect report on missing organisation 
information
Sent by: x500standard-bounce@xxxxxxxxxxxxx
________________________________



Hi Denis,

Thanks for making the effort to read the defect report and for the correction. 
I am not used to that.

There is no clear border line between a defect report and an enhancement. Adding 
a single attribute type has no effect on the remainder of the specification and 
is therefore quite safe. I did not invent the requirement for the new attribute 
type, but recognised that we have been missing such an attribute type for a 
long time to enter e.g. a VAT-number. The lack of such a capability could be 
labelled as an omission, which is one of the things that can justify a defect 
report.

The seventh edition of X.520 is at its final stage where it is not possible to 
add such an attribute as part of the extension process, and if we tried, we 
would sneak it in. Now, we do it more openly. Waiting for a possible eighth 
edition of X.520 would delay the solution by four years.

The proposed solution will eventually end up in a Draft Technical Corrigendum, 
that will go out for vote within both ISO and ITU-T.

Erik


From: x500standard-bounce@xxxxxxxxxxxxx 
[mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of denis.pinkas@xxxxxxxx
Sent: 30 March 2012 17:00
To: x500standard@xxxxxxxxxxxxx
Cc: Directory list
Subject: [x500standard] Re: New defect report on missing organisation information

Hummm !

The "defect" is presented this way:

The organizationName is not always enough to identify a organisation. At times 
an additional information necessary, like some kind of identifier issued by the 
authorities.




First of all, the sentence is not English. At the minimum a verb is missing in 
the second sentence.

But more important, I disagree that it is a "defect report". It looks like an 
enhancement.

Then, the "pseudo defect" is not correctly characterized.

So if the question is not correctly stated, how could any solution be 
appropriate ?

Denis




From: "Erik Andersen" <era@xxxxxxx>
To: "Directory list" <x500standard@xxxxxxxxxxxxx>
Date: 30/03/2012 14:41
Subject: [x500standard] New defect report on missing organisation 
information
Sent by: x500standard-bounce@xxxxxxxxxxxxx

________________________________




I have issued a new defect report 381. See 
http://www.x500standard.com/index.php?n=Ig.DefectReports

Any comments?

Erik

