Network Working Group                                         S. Leonard
Internet-Draft                                             Penango, Inc.
Intended Status: Informational                        September 10, 2014
Expires: March 14, 2015

             Lightweight Directory Access Protocol (LDAP)
                      Registrations for PKCS #9
                    draft-seantek-ldap-pkcs9-00.txt

Abstract

   PKCS #9 includes several useful definitions that are not yet
   reflected in the LDAP IANA registry.  This document adds those
   definitions to the IANA registry.
Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute working
   documents as Internet-Drafts.  The list of current Internet-Drafts is
   at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 14, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1. Introduction

   This document registers the LDAP [RFC4510] schema definitions
   [RFC4512] for a subset of elements specified in PKCS #9 [PKCS9],
   including attribute types; matching rules and syntaxes to be used
   with these attribute types; and related object classes.

   As the elements and their semantics are defined in [PKCS9], this
   document needs to be read in conjunction with [PKCS9] to make use of
   the LDAP registrations provided herein.  [PKCS9] provides complete
   definitions, with one significant omission: the IANA Considerations
   section was never appended.
   This document provides the IANA Considerations section necessary to
   register appropriate descriptors.

2. Syntaxes

   Appendix B.1 of [PKCS9] describes various syntaxes used in LDAP to
   transfer PKCS #9 elements and related data types.

3. Matching Rules

   Appendix B.4 of [PKCS9] provides matching rules for use in LDAP.

4. Attribute Types

   Appendix B.3 of [PKCS9] details attribute types for use in LDAP,
   including (by its own admission) attributes that are highly unlikely
   to be stored in a Directory.  For parity, all attributes in Appendix
   B.3--but not necessarily in PKCS #9 as a whole--are registered via
   this document.

4.1 Short Descriptors for Certain Useful Attribute Types

   [PKCS9] includes certain attribute types that have found meaningful
   use outside of the PKCS series.  Specifically:

   o  emailAddress is mandated in [RFC5750], and has mandatory
      processing requirements if included in a certificate [RFC5280].

   o  [RFC5280] recommends the recognition of pseudonym.

   o  The Qualified Certificates Profile [RFC3739] requires both
      pseudonym and the vital records dateOfBirth, placeOfBirth,
      gender, countryOfCitizenship, and countryOfResidence.

   As a result, certain applications not only encounter and generate
   these attributes in practice, but also use short descriptors that
   have come to be widely recognized.

   As permitted by Section 3.4 of [RFC4520], the short descriptors in
   Table 1 are registered along with their more verbose counterparts
   reflected in [PKCS9]:

      Short Descriptor    Regular Descriptor
      ---------------------------------------
      e                   emailAddress
      dob                 dateOfBirth
      pob                 placeOfBirth
      g                   gender
      coc                 countryOfCitizenship
      cor                 countryOfResidence
      pnym                pseudonym

        Table 1: Short Descriptors for Certain Attribute Types

5. Object Classes

   Appendix B.2 of [PKCS9] details a set of object classes for use in
   LDAP.

6. Security Considerations

   PKCS #9 security considerations (written for the RFC edition) [PKCS9]
   apply to the definitions in this document.  General LDAP security
   considerations [RFC4510] apply as well.

7. IANA Considerations

   The IANA shall register an LDAP Object Identifier [RFC4520] for use
   in this technical specification, and shall update the LDAP Descriptor
   registry [RFC4520], as indicated below.

7.1. Object Identifier Registration

   Subject: Request for LDAP OID Registration
   Person & email address to contact for further information:
      Sean Leonard
   Specification: draft-seantek-ldap-pkcs9
   Author/Change Controller: IESG
   Comments:
      Identifies the PKCS #9 schema elements registered in
      the IANA LDAP Descriptor and Syntaxes registries via
      this document.

7.2. Descriptor Registration

   Subject: Request for LDAP Descriptor Registration
   Descriptor (short name): see table
   Object Identifier: see table
   Person & email address to contact for further information:
      Sean Leonard
   Usage: see table
   Specification: draft-seantek-ldap-pkcs9
   Author/Change Controller: IESG

   Usage codes are those of [RFC4520]: O = object class, A = attribute
   type, M = matching rule.

      Descriptor                 Usage  Object Identifier
      --------------------------------------------------------
      pkcsEntity                 O      1.2.840.113549.1.9.24.1
      naturalPerson              O      1.2.840.113549.1.9.24.2

      pKCS7PDU                   A      1.2.840.113549.1.9.25.5
      userPKCS12                 A      2.16.840.1.113730.3.1.216
      pKCS15Token                A      1.2.840.113549.1.9.25.1
      encryptedPrivateKeyInfo    A      1.2.840.113549.1.9.25.2

      e                          A      1.2.840.113549.1.9.1

      unstructuredName           A      1.2.840.113549.1.9.2
      unstructuredAddress        A      1.2.840.113549.1.9.8

      dob                        A      1.3.6.1.5.5.7.9.1
      dateOfBirth                A      1.3.6.1.5.5.7.9.1
      pob                        A      1.3.6.1.5.5.7.9.2
      placeOfBirth               A      1.3.6.1.5.5.7.9.2
      g                          A      1.3.6.1.5.5.7.9.3
      gender                     A      1.3.6.1.5.5.7.9.3
      coc                        A      1.3.6.1.5.5.7.9.4
      countryOfCitizenship       A      1.3.6.1.5.5.7.9.4
      cor                        A      1.3.6.1.5.5.7.9.5
      countryOfResidence         A      1.3.6.1.5.5.7.9.5

      pnym                       A      2.5.4.65

      contentType                A      1.2.840.113549.1.9.3
      messageDigest              A      1.2.840.113549.1.9.4
      signingTime                A      1.2.840.113549.1.9.5
      counterSignature           A      1.2.840.113549.1.9.6
      challengePassword          A      1.2.840.113549.1.9.7

      pkcs9CaseIgnoreMatch       M      1.2.840.113549.1.9.27.1
      signingTimeMatch           M      1.2.840.113549.1.9.27.3

7.3. PKCS9String Syntax Registration

   Subject: Request for LDAP Syntax Registration
   Object Identifier: 1.2.840.113549.1.9.26.1
   Description: PKCS9String
   Person & email address to contact for further information:
      Sean Leonard
   Specification: draft-seantek-ldap-pkcs9
   Author/Change Controller: IESG
   Comments:
      Identifies the PKCS #9 String syntax, which is
      a CHOICE of IA5String and DirectoryString.

7.4. SigningTime Syntax Registration

   Subject: Request for LDAP Syntax Registration
   Object Identifier: 1.2.840.113549.1.9.26.2
   Description: SigningTime
   Person & email address to contact for further information:
      Sean Leonard
   Specification: draft-seantek-ldap-pkcs9
   Author/Change Controller: IESG
   Comments:
      Identifies the SigningTime syntax, which is Time,
      which is a CHOICE of UTCTime and GeneralizedTime.

8. Acknowledgements

   This document relies on PKCS #9, a product of RSA Laboratories.

9. References

9.1. Normative References

   [PKCS9]    Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object
              Classes and Attribute Types Version 2.0", RFC 2985,
              November 2000.

   [RFC4510]  Zeilenga, K., Ed., "Lightweight Directory Access Protocol
              (LDAP): Technical Specification Road Map", RFC 4510,
              June 2006.

   [RFC4512]  Zeilenga, K., "Lightweight Directory Access Protocol
              (LDAP): Directory Information Models", RFC 4512,
              June 2006.

   [RFC4520]  Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
              Considerations for the Lightweight Directory Access
              Protocol (LDAP)", BCP 64, RFC 4520, June 2006.

9.2. Informative References

   [RFC3739]  Santesson, S., Nystrom, M., and T. Polk, "Internet X.509
              Public Key Infrastructure: Qualified Certificates
              Profile", RFC 3739, March 2004.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

   [RFC5750]  Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
              Mail Extensions (S/MIME) Version 3.2 Certificate
              Handling", RFC 5750, January 2010.

Author's Address

   Sean Leonard
   Penango, Inc.
   5900 Wilshire Boulevard
   21st Floor
   Los Angeles, CA 90036
   USA

   EMail: dev+ietf@seantek.com
   URI:   http://www.penango.com/
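As an added example for Sections 4.1 and 7.2 (not code from the draft or from PKCS #9), the following Python transcribes the Section 7.2 registrations and resolves attribute descriptions the way an LDAP schema checker would: descriptors are matched case-insensitively, the short and regular descriptors of Table 1 resolve to one OID, and names registered as object classes or matching rules are refused as attribute types. The function names are this example's own.

```python
import re

# The Section 7.2 registrations of the draft, transcribed as
# "descriptor usage OID" triples.  Usage codes follow RFC 4520:
# O = object class, A = attribute type, M = matching rule.
TABLE = """
pkcsEntity O 1.2.840.113549.1.9.24.1     naturalPerson O 1.2.840.113549.1.9.24.2
pKCS7PDU A 1.2.840.113549.1.9.25.5       userPKCS12 A 2.16.840.1.113730.3.1.216
pKCS15Token A 1.2.840.113549.1.9.25.1    encryptedPrivateKeyInfo A 1.2.840.113549.1.9.25.2
e A 1.2.840.113549.1.9.1                 pnym A 2.5.4.65
unstructuredName A 1.2.840.113549.1.9.2  unstructuredAddress A 1.2.840.113549.1.9.8
dob A 1.3.6.1.5.5.7.9.1                  dateOfBirth A 1.3.6.1.5.5.7.9.1
pob A 1.3.6.1.5.5.7.9.2                  placeOfBirth A 1.3.6.1.5.5.7.9.2
g A 1.3.6.1.5.5.7.9.3                    gender A 1.3.6.1.5.5.7.9.3
coc A 1.3.6.1.5.5.7.9.4                  countryOfCitizenship A 1.3.6.1.5.5.7.9.4
cor A 1.3.6.1.5.5.7.9.5                  countryOfResidence A 1.3.6.1.5.5.7.9.5
contentType A 1.2.840.113549.1.9.3       messageDigest A 1.2.840.113549.1.9.4
signingTime A 1.2.840.113549.1.9.5       counterSignature A 1.2.840.113549.1.9.6
challengePassword A 1.2.840.113549.1.9.7
pkcs9CaseIgnoreMatch M 1.2.840.113549.1.9.27.1  signingTimeMatch M 1.2.840.113549.1.9.27.3
"""
_tokens = TABLE.split()
REGISTRATIONS = list(zip(_tokens[::3], _tokens[1::3], _tokens[2::3]))
# numericoid per RFC 4512: dot-separated decimal numbers, no leading zeros.
NUMERICOID = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")


def build_index():
    """Map lower-cased descriptor -> (usage, OID); one name with two OIDs is a conflict."""
    index = {}
    for name, usage, oid in REGISTRATIONS:
        if not NUMERICOID.fullmatch(oid):
            raise ValueError(f"malformed OID for {name}: {oid}")
        if index.setdefault(name.lower(), (usage, oid)) != (usage, oid):
            raise ValueError(f"conflicting registration for {name}")
    return index


def resolve(attr):
    """Resolve an attribute description (descriptor in any case, or a numericoid) to its OID."""
    if NUMERICOID.fullmatch(attr):
        return attr
    entry = build_index().get(attr.lower())
    if entry is None:
        raise ValueError(f"unregistered descriptor: {attr}")
    usage, oid = entry
    if usage != "A":
        raise ValueError(f"{attr} has usage {usage}; it is not an attribute type")
    return oid


def aliases(oid):
    """All descriptors registered for one OID, e.g. a Table 1 short/regular pair."""
    return sorted(name for name, _, o in REGISTRATIONS if o == oid)
```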
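As an added example for the two syntaxes registered in Sections 7.3 and 7.4 (not code from the draft or from PKCS #9), these minimal DER readers accept only the tags that belong to each CHOICE, so a value of some other ASN.1 type, a constructed or indefinite-length encoding, or trailing bytes is rejected rather than silently interpreted. The function names and the sample encodings are constructed for this example; the tag numbers are the universal ASN.1 tags.

```python
import re
from datetime import datetime, timezone

# PKCS9String ::= CHOICE { ia5String IA5String, directoryString DirectoryString }
# DirectoryString is itself a CHOICE of the remaining five string types.
# Keys are universal tag numbers; values are the strict codecs used to decode.
PKCS9STRING_TAGS = {
    0x16: "ascii",      # IA5String
    0x13: "ascii",      # PrintableString (repertoire checked below)
    0x0C: "utf-8",      # UTF8String
    0x1E: "utf-16-be",  # BMPString
    0x1C: "utf-32-be",  # UniversalString
    0x14: "latin-1",    # TeletexString (T.61; latin-1 is only an approximation)
}
PRINTABLE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]*")


def read_tlv(der, allowed):
    """Split one primitive TLV; rejects tags outside the CHOICE (which also
    excludes constructed forms), indefinite lengths and trailing bytes."""
    tag = der[0]
    if tag not in allowed:
        raise ValueError(f"tag 0x{tag:02x} is not permitted in this CHOICE")
    length, pos = der[1], 2
    if length == 0x80:
        raise ValueError("indefinite length is not DER")
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(der[2:2 + n], "big")
        pos += n
    if pos + length != len(der):
        raise ValueError("length does not match the input")
    return tag, der[pos:]


def decode_pkcs9string(der):
    """Decode a PKCS9String; the codecs are strict, so malformed bytes raise."""
    tag, body = read_tlv(der, PKCS9STRING_TAGS)
    text = body.decode(PKCS9STRING_TAGS[tag])
    if tag == 0x13 and not PRINTABLE.fullmatch(text):
        raise ValueError("character outside the PrintableString repertoire")
    return text


def decode_signingtime(der):
    """Decode a SigningTime (Time) value to an aware UTC datetime."""
    tag, body = read_tlv(der, {0x17, 0x18})
    s = body.decode("ascii")
    if tag == 0x17 and re.fullmatch(r"\d{12}Z", s):          # UTCTime YYMMDDHHMMSSZ
        yy = int(s[:2])                                       # X.509/CMS rule: 50..99 -> 19YY
        s = f"{1900 + yy if yy >= 50 else 2000 + yy}{s[2:]}"
    elif not (tag == 0x18 and re.fullmatch(r"\d{14}Z", s)):  # GeneralizedTime, no fraction
        raise ValueError(f"malformed time value: {s!r}")
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
```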