
RE: Last Call: draft-turner-deviceowner-attribute (Device OwnerAttribute) to Informational RFC

2009-09-08 12:20:33
Hi Sean

Thanks for the response - all looks good to me. 

In regards to the 'exact' matching, I raised that because the X.500/LDAP
countryName attribute behaves in a case insensitive manner for these country
codes - i.e. 'AU' will match 'au'. 
Not that it matters at all - but if you're thinking of altering the behavior
to be case insensitive, then this will align it with the way that country
codes are used in LDAP and X.500.  

Andrew. 

-----Original Message-----
From: Sean Turner [mailto:turners(_at_)ieca(_dot_)com] 
Sent: Thursday, 3 September 2009 3:41 AM
To: Andrew Sciberras (GMAIL)
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: Last Call: draft-turner-deviceowner-attribute (Device
OwnerAttribute) to Informational RFC

Andrew,

Thanks for taking the time to review the draft.  Responses inline.

spt

Andrew Sciberras (GMAIL) wrote:
Hello

I have a few minor comments:

1.
The definition of the deviceOwner attribute in section 2 indicates:
      "IDENTIFIED BY           id-deviceOwner"

This should be updated to reflect the text in Appendix A:
      "IDENTIFIED BY            id-aa-KP-deviceOwner"

I'll update the oid name.

2. 
The ASN.1 definitions (section 2 and appendix a) of DeviceOwner contain the
following:
              "numericCountry     INTEGER ( SIZE (0...999),"

The ASN.1 (X.680) notation for a range separator is ".." rather than an
ellipsis. The syntax of the numericCountry choice should be changed to
this:
      "numericCountry     INTEGER ( SIZE (0..999),"

As somebody else pointed out SIZE constraints can't be applied to
INTEGER.  It needs to be "numericCountry INTEGER (0..999)".

3.
The matching rule is defined to be:
  "This rule returns a TRUE if and only if the DeviceOwner value exactly 
   matches the presented value. "

By "exactly" do you mean that case is sensitive for the Printable Strings?
I.e. "AU" will not match "au"? 

Yes that's what it means.  But now that you ask I think something like
caseIgnoreMatch "The rule returns TRUE if the strings are the same
length and corresponding characters are identical except possibly with
regard to case" is probably more appropriate.

4.
The ID indicates that no IANA considerations are required since the
identifiers are already registered. 
It would be preferable if the attribute type and matching rule definitions
were registered with the IANA LDAP descriptors registry. 

After some discussions with Kurt Zeilenga, I think we're not going to
register the attributes.  I originally thought we could just say
something like the attribute could be used here, there, and everywhere
an attribute can be used.  I was unaware of the hoops to jump through to
claim that it could be used in LDAP.  I think it could be used in an
LDAP directory but we're going to target these attributes for public key
and attribute certificates.  If we end up needing to include these in a
directory, then we'll update this spec to add the required text to put
them in a directory (schema, transfer syntax, etc.).  I'll modify the
intro to say this:

This document specifies the Device Owner attribute.  This attribute may
be included in locations or protocols that support ASN.1 attribute
definitions to indicate the country or group that owns the device.

NOTE: This document does not provide LDAP equivalent schema
specification as this attribute is targeted at public key certificates
[RFC5280] and attribute certificates [RFC3281bis].  This is left to a
future specification.


Regards,
Andrew Sciberras



-----Original Message-----
From: ietf-announce-bounces(_at_)ietf(_dot_)org
[mailto:ietf-announce-bounces(_at_)ietf(_dot_)org] On
Behalf Of The IESG
Sent: Friday, 31 July 2009 9:52 PM
To: IETF-Announce
Subject: Last Call: draft-turner-deviceowner-attribute (Device
OwnerAttribute) to Informational RFC

The IESG has received a request from an individual submitter to consider
the following document:

- 'Device Owner Attribute '
  <draft-turner-deviceowner-attribute-01.txt> as an Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2009-08-28. Exceptionally,
comments may be sent to iesg(_at_)ietf(_dot_)org instead. In either case,
please retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via

http://www.ietf.org/internet-drafts/draft-turner-deviceowner-attribute-01.txt

IESG discussion can be tracked via

https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=17756&rfc_flag=0

_______________________________________________
IETF-Announce mailing list
IETF-Announce(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-announce

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
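
Added example (not part of the thread or the draft): a Python illustration of the two points discussed above, the value-range constraint INTEGER (0..999) and exact versus case-ignore matching of country codes. It assumes values arrive as untagged short-form DER INTEGER or PrintableString; the draft's actual CHOICE tagging is not shown on this page, and all names and sample bytes are constructed.

```python
import string

# Assumption: untagged short-form DER, not necessarily the draft's encoding.
INTEGER, PRINTABLE_STRING = 0x02, 0x13
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")

# Constructed sample values: "AU", "au", 36 and 1000.
AU_UPPER = bytes.fromhex("13024155")
AU_LOWER = bytes.fromhex("13026175")
NUM_036 = bytes.fromhex("020124")
NUM_1000 = bytes.fromhex("020203e8")

def decode_tlv(der: bytes):
    """Decode exactly one short-form DER TLV into (tag, value)."""
    if len(der) < 2 or der[1] >= 0x80 or len(der) != 2 + der[1]:
        raise ValueError("expected exactly one short-form TLV")
    tag, body = der[0], der[2:]
    if tag == INTEGER:
        if not body:
            raise ValueError("empty INTEGER")
        if len(body) > 1 and ((body[0] == 0x00 and body[1] < 0x80)
                              or (body[0] == 0xFF and body[1] >= 0x80)):
            raise ValueError("non-minimal INTEGER encoding")
        value = int.from_bytes(body, "big", signed=True)
        # INTEGER (0..999): a value range, since SIZE cannot constrain INTEGER.
        if not 0 <= value <= 999:
            raise ValueError("numericCountry outside 0..999")
        return tag, value
    if tag == PRINTABLE_STRING:
        text = body.decode("ascii")  # UnicodeDecodeError is a ValueError
        if not set(text) <= PRINTABLE:
            raise ValueError("character not allowed in PrintableString")
        return tag, text
    raise ValueError("unsupported tag")

def exact_match(stored: bytes, presented: bytes) -> bool:
    """The rule as first drafted: values must be identical."""
    return decode_tlv(stored) == decode_tlv(presented)

def case_ignore_match(stored: bytes, presented: bytes) -> bool:
    """Same length, corresponding characters identical except for case."""
    (t1, v1), (t2, v2) = decode_tlv(stored), decode_tlv(presented)
    if t1 != t2:
        return False  # a numeric code never matches an alphabetic one
    if t1 == PRINTABLE_STRING:
        return len(v1) == len(v2) and v1.lower() == v2.lower()
    return v1 == v2
```

A relying party that uses the exact rule for an authorization decision would reject a certificate carrying 'au' when its policy lists 'AU'; the case-ignore rule accepts it while still rejecting out-of-range numeric values at decode time.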





