Lightweight Directory Access Protocol (LDAP) Registrations for PKCS #9
draft-seantek-ldap-pkcs9-01

Network Working Group                                         S. Leonard
Internet-Draft                                             Penango, Inc.
Intended Status: Informational                          October 26, 2014
Expires: April 29, 2015                                                 

              Lightweight Directory Access Protocol (LDAP)
                       Registrations for PKCS #9
                    draft-seantek-ldap-pkcs9-01.txt

Abstract

   PKCS #9 includes several useful definitions that are not yet
   reflected in the LDAP IANA registry. This document adds those
   definitions to the IANA registry.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute working
   documents as Internet-Drafts. The list of current Internet-Drafts is
   at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 29, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

 

Leonard                      Informational                      [Page 1]
Internet-Draft         LDAP PKCS #9 Registrations       October 26, 2014

1.  Introduction

   This document registers the LDAP [RFC4510] schema definitions
   [RFC4512] for a subset of elements specified in PKCS #9 [PKCS9],
   including attribute types; matching rules and syntaxes to be used
   with these attribute types; and related object classes.

   As the elements and their semantics are defined in [PKCS9], this
   document needs to be read in conjunction with [PKCS9] to make use of
   the LDAP registrations provided herein. [PKCS9] provides complete
   definitions, with one significant omission: the IANA Considerations
   section was never appended. This document provides the IANA
   Considerations section necessary to register appropriate descriptors.

2.  Syntaxes

   Appendix B.1 of [PKCS9] describes various syntaxes used in LDAP to
   transfer PKCS #9 elements and related data types.

3.  Matching Rules

   Appendix B.4 of [PKCS9] provides matching rules for use in LDAP.

4.  Attribute Types

   Appendix B.3 of [PKCS9] details attribute types for use in LDAP,
   including (by its own admission) attributes that are highly unlikely
   to be stored in a Directory. For parity, all attributes in Appendix
   B.3--but not necessarily in PKCS #9 as a whole--are registered via
   this document.

   [PKCS9] includes certain attribute types that have found meaningful
   use outside of the PKCS series. Specifically:

      o  Recognition of emailAddress is required by [RFC5750], and
         [RFC5280] imposes processing requirements when it appears in a
         certificate's subject name.
      o  [RFC5280] recommends the recognition of pseudonym.
      o  The Qualified Certificates Profile [RFC3739] requires both
         pseudonym and the vital records dateOfBirth, placeOfBirth,
         gender, countryOfCitizenship, and countryOfResidence.
      o  "DESC" is sometimes emitted for the description (2.5.4.13)
         attribute.

   As a result, certain applications not only encounter and generate
   these attributes in practice, but also use short descriptors that
   have come to be widely recognized.

4.1.  Semantics of dateOfBirth Clarified

   [PKCS9] Section 5.2.4 states that dateOfBirth "is the date of birth
   for the subject it is associated with." Its GeneralizedTime syntax,
   however, requires time and time zone specifications that are not
   related to dateOfBirth's semantics.
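
   The following Python is an added example, not part of this draft or of
   [PKCS9]: it encodes a dateOfBirth in the LDAP string form of
   GeneralizedTime [RFC4517] using the noon-GMT convention that [RFC3739]
   recommends, reads the date back without converting to a local zone,
   and shows the date shift that a midnight-encoded value suffers when a
   consumer converts it to local time first. The function names, the
   sample dates and the check logic are the example's own assumptions.

```python
"""
Added example (not from the draft or PKCS #9): handling the dateOfBirth
attribute, whose GeneralizedTime syntax forces a time and zone onto a
value that is semantically only a calendar date.
"""
import re
from datetime import date, datetime, timedelta, timezone
from typing import List

# LDAP string form of GeneralizedTime (RFC 4517):
#   YYYYMMDDHH[MM[SS]][.fff](Z|[+-]HHMM)
# Fractional seconds are accepted and ignored; a missing minute or second
# field is read as zero.
_GT_RE = re.compile(
    r"^(?P<year>\d{4})(?P<month>\d{2})(?P<day>\d{2})(?P<hour>\d{2})"
    r"(?P<minute>\d{2})?(?P<second>\d{2})?(?:[.,]\d+)?"
    r"(?P<zone>Z|[+-]\d{4})$"
)


def parse_generalized_time(value: str) -> datetime:
    """Parse an LDAP GeneralizedTime string into a timezone-aware datetime."""
    m = _GT_RE.match(value)
    if not m:
        raise ValueError(f"unsupported GeneralizedTime: {value!r}")
    zone = m.group("zone")
    if zone == "Z":
        tz = timezone.utc
    else:
        sign = 1 if zone[0] == "+" else -1
        tz = timezone(sign * timedelta(hours=int(zone[1:3]),
                                       minutes=int(zone[3:5])))
    return datetime(
        int(m.group("year")), int(m.group("month")), int(m.group("day")),
        int(m.group("hour")), int(m.group("minute") or 0),
        int(m.group("second") or 0), tzinfo=tz,
    )


def encode_date_of_birth(year: int, month: int, day: int) -> str:
    """Encode a date of birth as RFC 3739 recommends: 12:00:00 GMT."""
    date(year, month, day)  # reject impossible calendar dates early
    return f"{year:04d}{month:02d}{day:02d}120000Z"


def date_of_birth(value: str) -> date:
    """Extract the calendar date from a dateOfBirth value.

    The date fields are read in the value's own zone and never converted
    to the reader's local zone: the time of day and the zone carry no
    meaning for this attribute, so converting them can only do harm.
    """
    return parse_generalized_time(value).date()


def date_as_seen_from(value: str, utc_offset_hours: int) -> date:
    """The date a careless consumer sees if it converts the value to a
    local zone before reading the date. Exists to show the failure mode."""
    local = timezone(timedelta(hours=utc_offset_hours))
    return parse_generalized_time(value).astimezone(local).date()


def check_date_of_birth(value: str) -> List[str]:
    """List deviations from the RFC 3739 noon-GMT convention (empty = OK)."""
    findings = []
    try:
        dt = parse_generalized_time(value)
    except ValueError as exc:
        return [str(exc)]
    if dt.utcoffset() != timedelta(0):
        findings.append("zone is not GMT")
    if (dt.hour, dt.minute, dt.second) != (12, 0, 0):
        findings.append("time is not 12:00:00")
    if "." in value or "," in value:
        findings.append("fractional seconds present")
    return findings


if __name__ == "__main__":
    # Constructed sample: a midnight-encoded value loses a day in UTC-5,
    # the noon-GMT encoding does not.
    print(date_as_seen_from("19850705000000Z", -5))           # 1985-07-04
    print(date_as_seen_from(encode_date_of_birth(1985, 7, 5), -5))  # 1985-07-05
    print(check_date_of_birth("19850705000000Z"))             # ['time is not 12:00:00']
```

   Note the caveat the check makes visible: noon GMT keeps the date
   stable only for offsets from -12:00 up to (but not including) +12:00,
   so a consumer in a zone at +12:00 or later still sees the next day if
   it converts before reading. Reading the date fields directly, as
   date_of_birth() does, avoids the problem in every zone.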

   [RFC3739] RECOMMENDS that the time recorded be GMT (i.e., UTC) noon
   down to the granularity of seconds "in order to prevent accidental
   change of date due to time zone adjustments." Since contemporary time