< draft-ietf-pkix-authorityclearanceconstraints-01.txt   draft-ietf-pkix-authorityclearanceconstraints-02.txt >
Network Working Group Sean Turner Network Working Group Sean Turner
Internet Draft IECA Internet Draft IECA
Intended Status: Standard Track Santosh Chokhani Intended Status: Standard Track Santosh Chokhani
CygnaCom Solutions CygnaCom Solutions
Expires: September 4, 2009 March 4, 2009 Expires: September 24, 2009 March 24, 2009
Clearance Attribute and Authority Clearance Constraints Clearance Attribute and Authority Clearance Constraints
Certificate Extension Certificate Extension
draft-ietf-pkix-authorityclearanceconstraints-01.txt draft-ietf-pkix-authorityclearanceconstraints-02.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 33 skipping to change at page 1, line 33
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on September 4, 2009. This Internet-Draft will expire on September 24, 2009.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 4, line 39 skipping to change at page 4, line 39
Section 4.4.6 of [3281bis], which is included below for convenience, Section 4.4.6 of [3281bis], which is included below for convenience,
in the Attributes field. A certificate MUST include either zero or in the Attributes field. A certificate MUST include either zero or
one instance of the Clearance attribute. If the Clearance attribute one instance of the Clearance attribute. If the Clearance attribute
is present, it must contain a single value. is present, it must contain a single value.
The following object identifier identifies the Clearance attribute The following object identifier identifies the Clearance attribute
(either in the subject directory attributes extension of a PKC or in (either in the subject directory attributes extension of a PKC or in
the Attributes field of an AC): the Attributes field of an AC):
id-at-clearance OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) id-at-clearance OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
ds(5) attributeTypes(5) clearance(55) } ds(5) attributeTypes(4) clearance(55) }
The ASN.1 syntax for the Clearance attribute is as follows [PKI-ASN]: The ASN.1 syntax for the Clearance attribute is as follows [PKI-ASN]:
Clearance ::= SEQUENCE { Clearance ::= SEQUENCE {
policyId OBJECT IDENTIFIER, policyId OBJECT IDENTIFIER,
classList ClassList DEFAULT {unclassified}, classList ClassList DEFAULT {unclassified},
securityCategories SET OF SecurityCategory OPTIONAL securityCategories SET OF SecurityCategory OPTIONAL
} }
ClassList ::= BIT STRING { ClassList ::= BIT STRING {
unmarked (0), unmarked (0),
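Review bot: The arc number in id-at-clearance changes from attributeTypes(5) to attributeTypes(4) with no accompanying text, so a reader of -02 cannot tell that the -01 value was an error rather than an alternative. Code that matches the attribute on the -01 arc will not recognise a Clearance attribute carried under the -02 value (2.5.4.55 as written here), and how that absence is treated decides whether a clearance check still takes place. Suggest adding a sentence beside the OID that gives the dotted value and says how the earlier arc is to be treated. In the same paragraph, "it must contain a single value" uses a lowercase "must" directly after a sentence with a normative MUST; if the requirement is normative, capitalise it.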
skipping to change at page 15, line 48 skipping to change at page 15, line 48
10. IANA Considerations 10. IANA Considerations
None. Please remove this section prior to publication as an RFC. None. Please remove this section prior to publication as an RFC.
11. References 11. References
11.1. Normative References 11.1. Normative References
[PKI-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for PKIX", [PKI-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for PKIX",
draft-ietf-pkix-new-asn1, work-in-progress. draft-ietf-pkix-new-asn1-03, work-in-progress.
/*** RFC EDITOR: Please replace PKI-ASN with RFCXYZA when draft-ietf- /*** RFC EDITOR: Please replace PKI-ASN with RFC#### when draft-ietf-
pkix-new-asn1 is published. pkix-new-asn1 is published.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[3281bis] Farrell, S., Housely, R., and S. Turner, "An Internet [3281bis] Farrell, S., Housely, R., and S. Turner, "An Internet
Attribute Certificate Profile for Authorization: Update", Attribute Certificate Profile for Authorization: Update",
draft-ietf-pkix-3281update-04, work-in-progress. draft-ietf-pkix-3281update-04, work-in-progress.
/*** RFC EDITOR: Please replace 3281bis with RFCXYZA when draft-ietf- /*** RFC EDITOR: Please replace 3281bis with RFCXYZA when draft-ietf-
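Review bot: The RFC EDITOR placeholders are now inconsistent: the PKI-ASN note on the -02 side uses RFC#### while the 3281bis note a few lines below still uses RFCXYZA on both sides. Use one placeholder form for both notes so the substitution is unambiguous, and preferably a distinct placeholder per reference so the two cannot be swapped. Also, "Housely" in the [3281bis] entry looks like a misspelling of "Housley" and could be corrected in the same pass.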
skipping to change at page 17, line 47 skipping to change at page 17, line 47
id-mod-pkixCommon(43) id-mod-pkixCommon(43)
} }
; ;
-- Clearance attribute OID and syntax -- Clearance attribute OID and syntax
-- The following is a '93 version for clearance. -- The following is a '93 version for clearance.
-- It is included for convenience. -- It is included for convenience.
-- id-at-clearance OBJECT IDENTIFIER ::= -- id-at-clearance OBJECT IDENTIFIER ::=
-- { joint-iso-ccitt(2) ds(5) attributeTypes(5) clearance (55) } -- { joint-iso-ccitt(2) ds(5) attributeTypes(4) clearance (55) }
-- Clearance ::= SEQUENCE { -- Clearance ::= SEQUENCE {
-- policyId OBJECT IDENTIFIER, -- policyId OBJECT IDENTIFIER,
-- classList ClassList DEFAULT {unclassified}, -- classList ClassList DEFAULT {unclassified},
-- securityCategories SET OF SecurityCategory OPTIONAL -- securityCategories SET OF SecurityCategory OPTIONAL
-- } -- }
-- ClassList ::= BIT STRING { -- ClassList ::= BIT STRING {
-- unmarked (0), -- unmarked (0),
-- unclassified (1), -- unclassified (1),
-- restricted (2), -- restricted (2),
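Review bot: The commented copy of id-at-clearance in the ASN.1 module duplicates the value given in the body text, and both copies had to be corrected from attributeTypes(5) to attributeTypes(4) in this revision. Since the comment says the definition "is included for convenience", state next to it where the authoritative definition lives (the body cites [PKI-ASN] for the syntax) so the two copies cannot drift apart again. The spelling also differs between the copies, "clearance(55)" in the body and "clearance (55)" here; aligning them keeps a text search for the OID reliable.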
 End of changes. 7 change blocks. 
7 lines changed or deleted 7 lines changed or added
