Liaison statement
Liaison to IETF on the removal of upper bound in X.509

State Posted
Submission Date 2007-10-05
Sender Xiaoya Yang
From ITU-T SG 17
To Public-Key Infrastructure (X.509)
CcHerbert Bertine
Response Contact Xiaoya YANG
Technical Contact
Purpose For action
Deadline 2008-03-01 Action Taken
Attachments (None)
In relation to resolve a Defect Report, it appears to majority within the
X.500 community to remove hard-coded length restriction whenever a
DirectoryString is used.
In response to developer demand in the early days of the standard X.520
contained a list of maximum lengths for a variety of string types, e.g.,
organizationalName.  The values specified were non-normative.  However, some
implementers treated the values as normative.  This has caused
interoperability problem with implementations.
We plan to remove the upper bounds specified in the standard. In particular we
intend to eliminate the Upper Bounds for DirectoryString.
The proposal does not change the definition of DirectoryString, but attribute
definitions will look slightly different.  As an example, street address may

streetAddress{INTEGER:maxSize}  ATTRIBUTE  ::=  {
	WITH SYNTAX					DirectoryString {maxSize}
	SUBSTRINGS MATCHING RULE		caseIgnoreSubstringsMatch
	ID							id-at-streetAddress }
That means that at implementation time, the upper limit may be added if
wanted. Otherwise an unlimited string may be assumed.
The proposal will not change the bits on the wire and we believe this is in
line with what the PXIX group is already doing.  We are forwarding this
liaison to ensure that the PKIX group has no problem with this proposal.
Please confirm that you have no objection to our removal of upper bounds.