The following exchange from Paul Clark may be helpful to others:

Hi Bob,
Let me take a brief stab at this. If any of my explanation
is unclear, please feel free to re-ping.
Paul

Paul and/or Christian,
Although I have a project to investigate X.500, I have not yet gotten
personally involved, and could use a little remedial instruction.
Are your comments regarding the difficulty of handling unknown
OIDs based on the use of a "production" quality X.500 directory
server and/or DUA, or are you using something like QUIPU?

The problem is with the underlying database which will probably
key information by either issuer dname+serial number and/or
subject dname. Since a dname may have multiple representations
there is a need for canonicalization.

I seem to recall reading somewhere that the syntax of "new"
attributes was supposed to be promulgated in ASN.1 as some
sort of a library function. Is that true?

I have not heard of anything other than the isode library
which is pretty low level stuff. There are still a number
of user interface issues to be solved for any new attribute.

I would have hoped that any organization that registered with ANSI
and obtained its own OID could use that to qualify the OID for a new
attribute, and that it would be possible to look up the syntax for the new
attribute in the directory itself. Is this correct?

I believe this is possible. However, such a full blown directory
is a ways off. In the interim, we only have local databases.

But certainly there must be a relatively simple way for a directory
service provider to decide to offer a new set of attributes, and to
promulgate those to the other providers, for otherwise X.500 will
be almost useless.

We have discussed making an OID.conf which would define a syntax
for each attribute that we know about, but have no immediate
plans to implement this feature. Another problem, what if one
wishes to define a new syntax?
Paul

That was helpful. Why don't you post it to pem-dev, since
others seem to be confused as well.

I am not certain that I saved a copy of my response. If you
think it will help, you may post it.

A couple of points that might require clearing up. I can't
tell from your comments whether you are referring to
TIS-PEM, or your X.500 implementation, or both.

Both can be expected to store and retrieve information
locally. To the extent that this is true, both will
require the canonicalization capability I described.
Paul
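
Added example (not part of the original exchange, and not TIS-PEM or ISODE code): a sketch of the canonicalization step discussed above, keying a local certificate database by issuer dname + serial number, with a small syntax table in the spirit of the proposed OID.conf. The table layout, function names, sample dnames and the private OID are assumptions made for illustration; the four 2.5.4.x OIDs are the standard X.520 attribute types.

```python
import re

# Constructed stand-in for the "OID.conf" idea: attribute type OID -> matching
# syntax. The OIDs are the standard X.520 ones; the table format is hypothetical.
OID_SYNTAX = {
    "2.5.4.3": "caseIgnore",   # commonName
    "2.5.4.6": "caseIgnore",   # countryName
    "2.5.4.10": "caseIgnore",  # organizationName
    "2.5.4.11": "caseIgnore",  # organizationalUnitName
}


def canon_value(oid, value):
    """Canonicalize one attribute value according to its known syntax."""
    if OID_SYNTAX.get(oid) == "caseIgnore":
        # caseIgnore matching: trim, collapse inner whitespace, fold case.
        return re.sub(r"\s+", " ", value.strip()).casefold()
    # Unknown OID: syntax unknown, so the only safe comparison is exact.
    return value


def canon_dname(dname):
    """dname is a list of RDNs, each a list of (oid, value) pairs.

    RDN order is significant and kept; the AVAs inside one multi-valued RDN
    are a SET, so they are sorted to remove ordering differences.
    """
    return tuple(
        tuple(sorted((oid, canon_value(oid, val)) for oid, val in rdn))
        for rdn in dname
    )


def cert_key(issuer_dname, serial):
    """Database key: canonical issuer dname plus serial number."""
    return (canon_dname(issuer_dname), int(serial))


# Constructed sample data: two spellings of one issuer, plus an unknown OID.
ISSUER_A = [[("2.5.4.6", "US")], [("2.5.4.10", "Example  Corp")]]
ISSUER_B = [[("2.5.4.6", "us")], [("2.5.4.10", " example corp ")]]
PRIVATE_OID = "1.3.6.1.4.1.99999.1"  # hypothetical private attribute type
UNKNOWN_A = ISSUER_A + [[(PRIVATE_OID, "Unit 7")]]
UNKNOWN_B = ISSUER_A + [[(PRIVATE_OID, "unit 7")]]

if __name__ == "__main__":
    print(cert_key(ISSUER_A, 42) == cert_key(ISSUER_B, 42))    # True
    print(cert_key(UNKNOWN_A, 42) == cert_key(UNKNOWN_B, 42))  # False
```

The second comparison shows the unknown-OID problem: without a syntax entry for the private attribute, two values that its owner may consider equal produce different database keys, so a lookup can miss a stored certificate.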