Lightweight Directory Access Protocol (LDAP) Registrations for PKCS #9

Document Type Active Internet-Draft (individual in art area)
Last updated 2017-03-13
Stream IETF
Intended RFC status Informational
Formats plain text pdf html bibtex
Stream WG state Submitted to IESG for Publication
Document shepherd No shepherd assigned
IESG IESG state IESG Evaluation::AD Followup
Consensus Boilerplate Yes
Telechat date
Has a DISCUSS. Has enough positions to pass once DISCUSS positions are resolved.
Responsible AD Alexey Melnikov
Send notices to (None)
IANA IANA review state Version Changed - Review Needed
IANA action state None
Network Working Group                                         S. Leonard
Internet-Draft                                             Penango, Inc.
Intended Status: Informational                            March 13, 2017
Expires: September 14, 2017                                             

              Lightweight Directory Access Protocol (LDAP)
                       Registrations for PKCS #9


   PKCS #9 includes several useful definitions that are not yet
   reflected in the LDAP IANA registry. This document adds those
   definitions to the IANA registry.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute working
   documents as Internet-Drafts. The list of current Internet-Drafts is

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 14, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Leonard                      Informational                      [Page 1]
Internet-Draft         LDAP PKCS #9 Registrations         March 13, 2017

1.  Introduction

   This document registers the LDAP [LDAPMAP] schema definitions
   [LDAPDIM] for a subset of elements specified in PKCS #9 [PKCS#9],
   including attribute types; matching rules and syntaxes to be used
   with these attribute types; and related object classes.

   As the elements and their semantics are defined in [PKCS#9], this
   document needs to be read in conjunction with [PKCS#9] to make use of
   the LDAP registrations provided herein. [PKCS#9] provides complete
   definitions, with one significant omission: the IANA Considerations
   section was never appended. This document provides the IANA
   Considerations section necessary to register appropriate descriptors.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [BCP14].

2.  Syntaxes

   Appendix B.1 of [PKCS#9] describes various syntaxes used in LDAP to
   transfer PKCS #9 elements and related data types.

3.  Matching Rules

   Appendix B.4 of [PKCS#9] provides matching rules for use in LDAP.

4.  Attribute Types

   Appendix B.3 of [PKCS#9] details attribute types for use in LDAP,
   including (by its own admission) attributes that are highly unlikely
   to be stored in a Directory. The attributes in Appendix B.3 that are
   not highly unlikely to be stored in a Directory are registered via
   this document.

   [PKCS#9] includes certain attribute types that have found meaningful
   use outside of the PKCS series. Specifically:

      o  emailAddress is mandated in [SMIMEv3.2C], and has mandatory
         processing requirements if included in a certificate
      o  [PKIXPROF] recommends the recognition of pseudonym.
      o  The Qualified Certificates Profile [QCPROF] requires both
         pseudonym and the vital records dateOfBirth, placeOfBirth,
         gender, countryOfCitizenship, and countryOfResidence.
      o  "DESC" is sometimes emitted for the description (


Leonard                      Informational                      [Page 2]
Internet-Draft         LDAP PKCS #9 Registrations         March 13, 2017

   As a result, certain applications not only encounter and generate
   these attributes in practice, but also use short descriptors that
   have come to be widely recognized.
Show full document text