Sign in
Version 5.13.0, 2015-03-25
Report a bug

Liaison Statement: Liaison to IETF on the removal of upper bound in X.509

Submission Date: 2007-10-05
From: ITU-T SG 17 (Xiaoya Yang)
To: IETF/PKIX (Russ Housley, Stefan Santesson)
Cc:Herbert Bertine
Response Contact: Xiaoya YANG
Technical Contact:
Purpose: For action
Deadline: 2008-03-01 Action Taken
Attachments: (none)
In relation to resolve a Defect Report, it appears to majority within
the X.500 community to remove hard-coded length restriction whenever a
DirectoryString is used.
In response to developer demand in the early days of the standard X.520
contained a list of maximum lengths for a variety of string types,
e.g., organizationalName.  The values specified were non-normative. 
However, some implementers treated the values as normative.  This has
caused interoperability problem with implementations.
We plan to remove the upper bounds specified in the standard. In
particular we intend to eliminate the Upper Bounds for
The proposal does not change the definition of DirectoryString, but
attribute definitions will look slightly different.  As an example,
street address may

streetAddress{INTEGER:maxSize}  ATTRIBUTE  ::=  {
	WITH SYNTAX					DirectoryString {maxSize}
	SUBSTRINGS MATCHING RULE		caseIgnoreSubstringsMatch
	ID							id-at-streetAddress }
That means that at implementation time, the upper limit may be added if
wanted. Otherwise an unlimited string may be assumed.
The proposal will not change the bits on the wire and we believe this
is in line with what the PXIX group is already doing.  We are
forwarding this liaison to ensure that the PKIX group has no problem
with this proposal.
Please confirm that you have no objection to our removal of upper