[pkix] Next edition of X.509
"Erik Andersen" <era@x500.eu> Mon, 07 December 2015 10:33 UTC
Return-Path: <era@x500.eu>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD9211A1ADC for <pkix@ietfa.amsl.com>; Mon, 7 Dec 2015 02:33:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.11
X-Spam-Level: *
X-Spam-Status: No, score=1.11 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_EQ_DK=1.009, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m9f9FKU08jAZ for <pkix@ietfa.amsl.com>; Mon, 7 Dec 2015 02:33:22 -0800 (PST)
Received: from mail03.dandomain.dk (mail03.dandomain.dk [194.150.112.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF7BE1A1AC9 for <pkix@ietf.org>; Mon, 7 Dec 2015 02:33:20 -0800 (PST)
Received: from Morten ([62.44.134.188]) by mail03.dandomain.dk (DanDomain Mailserver) with ASMTP id 3201512071133162690; Mon, 07 Dec 2015 11:33:16 +0100
From: Erik Andersen <era@x500.eu>
To: Directory list <x500standard@freelists.org>, PKIX <pkix@ietf.org>
Date: Mon, 07 Dec 2015 11:33:18 +0100
Message-ID: <000001d130da$b05884d0$11098e70$@x500.eu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01D130E3.12209650"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdEw0FD5/LgFYJ3qQAaA641RetIdjg==
Content-Language: en-gb
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/PQbiSXiQ63JBFx7ICzFBKckusgo>
Cc: WG15@iectc57.org
Subject: [pkix] Next edition of X.509
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2015 10:33:24 -0000
In preparation for the next edition of X.509 (the 2016 edition), I have forwarded to the ISO/IEC JTC1/SC6 two documents for three months ballots: These two documents may be found as: 1. http://www.x500standard.com/uploads/extensions/x509-pdam-amd2.pdf, which is the 3rd PDAM text for an amendment to X.509. 2. http://www.x500standard.com/uploads/dtc/X509-Ed7-Cor2.pdf, which a second draft technical corrigendum. This technical corrigendum is based on a set of defects reports, which include the justification for the changes. The Defect reports may be found on http://www.x500standard.com/index.php?n=Ig.DefectReports. An early corrigendum has been approved within ISO and ITU-T and may be found as: http://www.x500standard.com/uploads/dtc/X509-Ed7-Cor1.pdf. These three documents together with the seventh edition will provide the input to the next edition of X.509. The different X.recommendations, including X.509, may be found at http://www.itu.int/rec/T-REC-X/e. This edition of X.509 is freely available in the PDF version. Those involved in ISO/IEC JTC1/SC6 can, of course, submit ballot comments on the two documents out for ballot. Others, which may have comments on the these document, may post them on the lists and after consolidation and consensus, they may be issued as ITU-T comments. It is important to check whether any of the suggested changes affects running codes. If that is a case, it is a mistake. The intension behind the changes has been: 1. A better separation between public-key certificates and attribute certificates. 2. Use of a consistent terminology. 3. Use of a consistent editing style in accordance with the ITU-T editing guidelines.. 4. A new PKI component called trust broker assists a relying party validating a public-key certificate is included. 5. IEC TC57 WG15 has identified a requirement for a feature first called whitelist but now the term is authorization and validation list is used. A proposal for such a feature is included in the amendment. The main goal has been to position X.509 for new challenges, such smart grid security and security for Internet of Things with battery driven devices, very short messages (can we put a 257 octets signature on a few octets message?) , short reaction time requirements, many millions of entities, etc. This is all very different from Web-based systems. Kind regards, Erik
- [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Stephen Farrell
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Stephen Farrell
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Michael StJohns
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Santosh Chokhani
- Re: [pkix] Next edition of X.509 Erwann Abalea
- Re: [pkix] Next edition of X.509 Santosh Chokhani
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Erwann Abalea
- Re: [pkix] Next edition of X.509 Stephen Farrell
- Re: [pkix] Next edition of X.509 Santosh Chokhani
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Stephen Farrell
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Peter Bowen
- Re: [pkix] Next edition of X.509 Martin Rex
- Re: [pkix] Next edition of X.509 Wei Chuang
- Re: [pkix] Next edition of X.509 Erik Andersen
- Re: [pkix] Next edition of X.509 Jeffrey Walton
- Re: [pkix] Next edition of X.509 Erwann Abalea