Lightweight Directory Access Protocol (LDAP) Registrations for PKCS #9

Document type: Active Internet-Draft (individual in art area)
Author: Sean Leonard
Last updated: 2017-11-13
Stream: IETF
Intended RFC status: Informational
WG state: Submitted to IESG for Publication
Document shepherd: No shepherd assigned
IESG state: IESG Evaluation::AD Followup
Consensus boilerplate: Yes
Responsible AD: Alexey Melnikov
IANA review state: Version Changed - Review Needed
Network Working Group                                         S. Leonard
Internet-Draft                                             Penango, Inc.
Intended Status: Informational                         November 14, 2017
Expires: May 18, 2018                                                   

              Lightweight Directory Access Protocol (LDAP)
                       Registrations for PKCS #9


Abstract

   PKCS #9 includes several useful definitions that are not yet
   reflected in the LDAP IANA registry. This document adds those
   definitions to the IANA registry.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute working
   documents as Internet-Drafts. The list of current Internet-Drafts is

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 18, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Leonard                      Informational                      [Page 1]
Internet-Draft         LDAP PKCS #9 Registrations      November 14, 2017

1.  Introduction

   This document registers the LDAP [LDAPMAP] schema definitions
   [LDAPDIM] for a subset of elements specified in PKCS #9 [PKCS#9],
   including attribute types; matching rules and syntaxes to be used
   with these attribute types; and related object classes.

   The Public Key Cryptography Standard (PKCS) series is a group of
   documents originally published by RSA Security, Inc. in the early
   1990s. These de facto industry standards specify cryptographic
   formats and associated operations, such as the mathematical
   properties of the RSA algorithm and of cryptographic software and
   hardware modules. Since initial publication, change control of many
   PKCS documents has been transferred to the IETF.

   [PKCS#9] "Selected Object Classes and Attribute Types" "provides a
   selection of object classes and attribute types for use in
   conjunction with public-key cryptography and Lightweight Directory
   Access Protocol (LDAP) accessible directories." Many of these ASN.1
   data items are used throughout cryptographic implementations, but
   standardized names were never put into the IANA LDAP Parameters
   registry. LDAP parameters are frequently user-visible (for better or
   for worse) so registering these parameters will improve both
   interoperability and usability.

   As the elements and their semantics are defined in [PKCS#9], this
   document needs to be read in conjunction with [PKCS#9] to make use of
   the LDAP registrations provided herein. [PKCS#9] provides complete
   definitions, with one significant omission: the IANA Considerations
   section was never appended. This document provides the IANA
   Considerations section necessary to register appropriate descriptors.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [BCP14].

2.  Syntaxes

   Appendix B.1 of [PKCS#9] describes various syntaxes used in LDAP to
   transfer PKCS #9 elements and related data types.

3.  Matching Rules

   Appendix B.4 of [PKCS#9] provides matching rules for use in LDAP.

4.  Attribute Types

   Appendix B.3 of [PKCS#9] details attribute types for use in LDAP,
   including (by its own admission) attributes that are "highly
   unlikely" to be stored in a Directory. This document registers all
   such attributes en masse.
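   The syntaxes, matching rules and attribute types registered by this
   document are expressed, on the LDAP side, as RFC 4512 schema
   descriptions that a server uses to validate and compare stored
   values. The following added example (not part of this draft or of
   PKCS #9) parses one such description and applies it: the description
   string is constructed here and models the PKCS #9 emailAddress
   attribute (OID 1.2.840.113549.1.9.1, IA5String with an upper bound
   of 255); caseIgnoreIA5Match is assumed as its equality rule for the
   purposes of the example.

```python
"""Validate and compare LDAP values against an attribute type description.

Added example, not text from the PKCS #9 registration draft. The schema
string is constructed in RFC 4512 AttributeTypeDescription form and models
the PKCS #9 emailAddress attribute; caseIgnoreIA5Match is an assumed rule.
"""
import re

# Constructed description modelled on the PKCS #9 emailAddress attribute.
EMAIL_ADDRESS_DESC = (
    "( 1.2.840.113549.1.9.1 NAME 'emailAddress' "
    "EQUALITY caseIgnoreIA5Match "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )"
)

# LDAP syntax OID for IA5String (RFC 4517): every character must be 7-bit.
IA5_STRING_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.26"


def parse_attribute_type(desc):
    """Extract OID, NAME, EQUALITY rule, SYNTAX OID and optional length bound."""
    m = re.fullmatch(
        r"\(\s*(?P<oid>[\d.]+)\s+NAME\s+'(?P<name>[^']+)'"
        r"(?:\s+EQUALITY\s+(?P<equality>\w+))?"
        r"\s+SYNTAX\s+(?P<syntax>[\d.]+)(?:\{(?P<bound>\d+)\})?\s*\)",
        desc.strip(),
    )
    if not m:
        raise ValueError("not a supported AttributeTypeDescription")
    attr = m.groupdict()
    attr["bound"] = int(attr["bound"]) if attr["bound"] else None
    return attr


def validate_value(attr, value):
    """Return None if value conforms to the declared syntax, else a reason."""
    if attr["syntax"] == IA5_STRING_SYNTAX and not all(ord(c) < 128 for c in value):
        return "non-IA5 character in value"
    if attr["bound"] is not None and len(value) > attr["bound"]:
        return f"value exceeds upper bound of {attr['bound']}"
    if not value:
        return "empty value"
    return None


def values_match(attr, a, b):
    """Apply the declared equality rule; caseIgnoreIA5Match is approximated by
    case folding and collapsing runs of insignificant spaces."""
    if attr["equality"] == "caseIgnoreIA5Match":
        return " ".join(a.split()).lower() == " ".join(b.split()).lower()
    return a == b
```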

   [PKCS#9] includes certain attribute types that have found meaningful
   use outside of the PKCS series. Specifically: