John Pawling wrote:
Phil,
The PKIX X.509 Certificate and CRL Profile defines DirectoryString exactly
as stated in the latest ESS. I believe that the S/MIME specs should be
consistent with the PKIX specs, so I oppose any proposal that causes ESS to
be out of sync with PKIX. Recommend that you submit your proposal to the
PKIX mail list.
John,
You read me wrong. I'm perfectly comfortable with DirectoryString
as currently defined, though I still argue that there is room for
improvement in the definition. As for "octet hole" solutions, I
tend, as you probably know, to ridicule them every chance I get.
My suggestion was made only in the context of possibly avoiding
a potential obstacle in making it through the standards process,
and relative to the discussion of the definition of ESSPrivacyMark.
If the definition for this type has already passed muster, then
there's no problem.
I very much agree with you that SMIME and PKIX need to be in sync.
Phil
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================
At 09:31 AM 2/17/98 -0500, asn1(_at_)mindspring(_dot_)com wrote:
Hi there,
The latest ESS document just posted to the list,
draft-ietf-smime-ess-02.txt, contains the following
ASN.1 type definition:
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)) }
The SMIME editors may wish to consider changing this
type to something like
DirectoryString ::= CHOICE {
utf8String OCTET STRING }
or to at least add UTF8 as a choice alternative. This
type seems likely to suffer the same criticism as
the ESSPrivacyMark type. Not sure how type GeneralNames
might be perceived, since it is IMPORTED for use in
the ESS module.
Phil
--
Phillip H. Griffin Griffin Consulting
asn1(_at_)mindspring(_dot_)com ASN.1-SET-Java-Security
919.828.7114 1625 Glenwood Avenue
919.832.7008 [mail] Raleigh, North Carolina 27608 USA
------------------------------------------------------------
Visit http://www.fivepointsfestival.com
http://www.five-points.com
------------------------------------------------------------