The ``final text'' of the new Directory Authentication Framework has just
been circulated to ISO member bodies (reference ISO/IEC JTC1/SC21 N8696).
[Note that this is the first time that ISO member bodies have officially
and formally seen the new text. Due to some administrative problem connected
with the ISO/CCITT interface, it wasn't circulated before.]
There have been a couple of editorial changes from the editor's draft
that Hoyt kindly posted to this list, but I haven't found any significant
technical changes.
The significant changes over the '88 version are:
1. The version number in a certificate can have value 1 (denoting version 2).
2. issuerUniqueIdentifier and subjectUniqueIdentifier fields added to Certificate.
3. CertificateList is now almost, but not quite, identical to the RFC 1422
CertificateRevocationList. (The nextUpdate field is optional in
X.509(1993), but mandatory in RFC 1422).
4. The sq-mod-n hash function is now deprecated.
5. The new ASN.1 is used. It looks different, but the bits on the wire
are the same...
Of course, these changes were announced ages ago; but it's nice to know that
the standard didn't get completely re-written at the last moment!
Michael Roe
Computer Security Group
Cambridge University Computer Laboratory
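
The following is an added example, not part of the original message: a small DER walk showing how the encoded version value 1 maps to version 2 and how the two optional unique-identifier fields show up on the wire. The function names and the sample bytes are constructed for illustration; the sample is not a valid certificate.

```python
def tlv(tag: int, body: bytes = b"") -> bytes:
    """Encode one DER TLV (single-byte tag, definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlvs(data: bytes) -> list:
    """Split one nesting level into (tag, body) pairs, rejecting truncation."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated header")
        tag, n = data[i], data[i + 1]
        i += 2
        if n & 0x80:  # long form: low 7 bits give the count of length octets
            k = n & 0x7F
            if k == 0 or i + k > len(data):
                raise ValueError("bad length")
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        if i + n > len(data):
            raise ValueError("truncated body")
        out.append((tag, data[i:i + n]))
        i += n
    return out

def describe_tbs(tbs: bytes) -> dict:
    """Report the version and unique-identifier fields of a TBSCertificate."""
    (tag, body), = read_tlvs(tbs)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    fields = read_tlvs(body)
    encoded = 0  # version [0] is DEFAULT v1, so it is absent from 1988 certificates
    if fields and fields[0][0] == 0xA0:
        (_, integer), = read_tlvs(fields[0][1])
        encoded = int.from_bytes(integer, "big")
    tags = {t for t, _ in fields}
    issuer_uid, subject_uid = 0x81 in tags, 0x82 in tags  # [1], [2] IMPLICIT BIT STRING
    return {"encoded": encoded, "version": encoded + 1, "issuer_uid": issuer_uid,
            "subject_uid": subject_uid, "uid_in_v1": encoded == 0 and (issuer_uid or subject_uid)}

def sample(version=None, uids=False) -> bytes:
    """Constructed test input: empty SEQUENCEs stand in for the real fields."""
    f = tlv(0xA0, tlv(0x02, bytes([version]))) if version is not None else b""
    f += tlv(0x02, b"\x01") + tlv(0x30) * 5  # serial, then five placeholder fields
    if uids:
        f += tlv(0x81, b"\x00\xAA") + tlv(0x82, b"\x00\xBB")
    return tlv(0x30, f)
```

The `uid_in_v1` flag marks an input that carries a unique identifier while still encoding (or defaulting to) version 1, which a relying party should treat as malformed.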