Liaison statement
Liaison to IETF on the removal of upper bound in X.509

State Posted
Submitted Date 2007-10-05
From Group ITU-T-SG-17
From Contact Xiaoya Yang
To Group pkix
To Contacts Russ Housley <>
Stefan Santesson <>
Cc Herbert Bertine <>
Response Contact Xiaoya YANG <>
Technical Contact <>
Purpose For action
Deadline 2008-03-01 Action Taken
Attachments (None)
In relation to resolving a Defect Report, it appears to the majority within the
X.500 community that the hard-coded length restriction should be removed whenever
a DirectoryString is used. In response to developer demand in the early days of
the standard, X.520 contained a list of maximum lengths for a variety of string
types, e.g., organizationalName.  The values specified were non-normative.
However, some implementers treated the values as normative.  This has caused
interoperability problems with implementations. We plan to remove the upper
bounds specified in the standard. In particular we intend to eliminate the Upper
Bounds for DirectoryString. The proposal does not change the definition of
DirectoryString, but attribute definitions will look slightly different.  As an
example, street address may

streetAddress{INTEGER:maxSize}  ATTRIBUTE  ::=  {
        WITH SYNTAX                 DirectoryString {maxSize}
        EQUALITY MATCHING RULE      caseIgnoreMatch
        SUBSTRINGS MATCHING RULE    caseIgnoreSubstringsMatch
        ID                          id-at-streetAddress }

That means that at implementation time, the upper limit may be added if wanted.
Otherwise an unlimited string may be assumed. The proposal will not change the
bits on the wire and we believe this is in line with what the PKIX group is
already doing.  We are forwarding this liaison to ensure that the PKIX group
has no problem with this proposal. Please confirm that you have no objection to
our removal of upper bounds.
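
What the statement above means for a decoder, as an added Python example that is not part of the liaison statement or of X.520: the same DER bytes decode under either policy, and only the optional max_size check, applied at implementation time, differs. The function names, the sample address and the bound of 128 used in the usage note are assumptions chosen for illustration.

```python
# DER universal tags of the DirectoryString CHOICE alternatives -> Python codec.
CODECS = {
    0x0C: "utf-8",      # UTF8String
    0x13: "ascii",      # PrintableString (restricted charset not checked here)
    0x14: "latin-1",    # TeletexString (approximation, an assumption)
    0x1C: "utf-32-be",  # UniversalString
    0x1E: "utf-16-be",  # BMPString
}

def read_length(buf, pos):
    """Parse a DER definite length at pos; return (length, offset of contents)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad or truncated length")
    length = int.from_bytes(buf[pos + 1:pos + 1 + n], "big")
    if length < 0x80 or buf[pos + 1] == 0:
        raise ValueError("non-minimal DER length")
    return length, pos + 1 + n

def decode_directory_string(der, max_size=None):
    """Decode one DER DirectoryString; max_size (characters) is local policy."""
    if len(der) < 2 or der[0] not in CODECS:
        raise ValueError("not a DirectoryString alternative")
    length, start = read_length(der, 1)
    if start + length != len(der):
        raise ValueError("length does not match encoding")
    text = der[start:].decode(CODECS[der[0]])
    if not text:
        raise ValueError("DirectoryString must not be empty")
    if max_size is not None and len(text) > max_size:
        raise ValueError(f"{len(text)} characters exceeds local bound {max_size}")
    return text

def encode_utf8_string(text):
    """Build a DER UTF8String (helper for the sample; content under 64 KiB)."""
    body = text.encode("utf-8")
    if len(body) < 0x80:
        header = bytes([len(body)])
    elif len(body) < 0x100:
        header = bytes([0x81, len(body)])
    else:
        header = b"\x82" + len(body).to_bytes(2, "big")
    return b"\x0c" + header + body

# Constructed sample: a 150-character street address, not taken from any standard.
SAMPLE = encode_utf8_string("Unit 4, " + "Long Industrial Estate Road " * 5 + "NW")
```

Calling decode_directory_string(SAMPLE) accepts the value, while decode_directory_string(SAMPLE, max_size=128) rejects the identical bytes, which is the interoperability gap between implementations that do and do not treat a bound as normative. A decoder that runs without max_size should still cap total input size elsewhere.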