rfcdiff of draft-ietf-asid-pgp-01.txt against draft-ietf-asid-pgp-02.txt
(text common to both drafts is shown once; lines that differ are marked
-01: and -02:, and text present only in the later draft is marked [-02 only])

ASID Working Group                                        Roland Hedberg
INTERNET-DRAFT                                            Umea University
-01: <draft-ietf-asid-pgp-01.txt>                         20 September 1995
-02: <draft-ietf-asid-pgp-02.txt>                         20 February 1996
-02: Expires: 20 August 1996

        Definition of X.500 Attribute Types and an
          Object Class to Hold public PGP keys.

Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its
   areas, and its working groups. Note that other groups may also
   distribute working documents as Internet-Drafts.
[skipping to change at page 2, line 9]

   keys to be included in X.500 Directory entries in a standard way.
   It is intended that the schema elements defined in this document
   will be progressed according to the process defined by the
   Internet X.500 Schema Working Group [4].
Schema Definition of PGPkey Attribute Types

   Name: pGPKey
   ShortName:
   -01: Description: PrettyGoodPrivacy public encryptionkey
   -02: Description: PrettyGoodPrivacy public key certificate
   OID: umuAttributeType.9 (1.2.752.17.1.9)
   Syntax: IA5String
   SizeRestriction: None
   SingleValued: True

   Name: pGPKeyRev
   ShortName:
   Description: PrettyGoodPrivacy public encryption key revocation
   OID: umuAttributeType.10 (1.2.752.17.1.10)

[skipping to change at page 2, line 40]

   SingleValued: True

   Name: pGPUserID
   ShortName:
   Description: PrettyGoodPrivacy encryption key user ID
   OID: umuAttributeType.13 (1.2.752.17.1.13)
   Syntax: caseIgnoreString
   SizeRestriction: None
   SingleValued: True

   [-02 only]
   Name: pGPKeyURL
   ShortName:
   Description: URL for a PGPkey with optional label
   OID: umuAttributeType.18 (1.2.752.17.1.18)
   Syntax: caseExactString
   SizeRestriction: None
   SingleValued: False
Discussion of the pGPKey Attribute Types

   The value for pGPKey and pGPKeyRev that is to be stored in X.500
   is the ASCII armored text format [5], as produced by the command
   pgp -kax, with possibly one small modification as described below.
   The attribute syntax used is IA5String.

      IA5String ::= OCTET STRING

[skipping to change at page 3, line 19 (-01) / page 3, line 41 (-02)]

   pGPKeyID and pGPUserID are needed if one wants to use an X.500
   directory service to emulate a PGP key server, since the key
   servers normally allow you to search for keyIDs as well as match
   on parts of the UserID. Since one of the design criteria was to
   make the ideas in this draft easy to deploy, I have chosen standard
   attribute types instead of inventing new ones; therefore I have to
   limit pGPKey, pGPKeyID and pGPUserID to be single-valued to keep
   the connection between these values.

   [-02 only]
   pGPKeyURL should be used for those instances when there are sound
   reasons for not keeping the keys within the directory but rather
   storing them in some other place. pGPKeyURL is thought to be
   structured much in the same way as the labeledURL [6] attribute
   is, namely a URL optionally followed by one or more space
   characters and a label. The label in this case could for instance
   be the keyID of the pGPKey.
Schema Definition of pGPKeyObject Object Class

   Name: pGPKeyObject
   Description: Auxiliary object class that holds pGPKey information
   OID: umuObjectClass.4 (1.2.752.17.3.4)
   SubclassOf: top
   MustContain:
   -01: MayContain: pGPKey, pGPKeyRev, pGPUserID, pGPKeyID
   -02: MayContain: pGPKey, pGPKeyRev, pGPUserID, pGPKeyID, pGPKeyURL

Discussion of the pGPKeyObject Object Class

   The pGPKeyObject class is a subclass of top and may contain the
   pGPKey, pGPKeyRev, pGPUserID and pGPKeyID attributes (-02 adds
   pGPKeyURL to this list). The intent is that this object class can
   be added to existing objects to allow for inclusion of pGPKey
   values. It is therefore viewed as an auxiliary object class.

   This approach does not preclude including the pGPKey attribute
   type directly in other object classes as appropriate.
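The attribute discussion above (ASCII-armored IA5String values for pGPKey and pGPKeyRev, the single-valued linkage between pGPKey, pGPKeyID and pGPUserID, and the URL-plus-optional-label shape of pGPKeyURL) and the pGPKeyObject class definition are both exercised by the validator below. It is an added example and not code from the draft or its author. The OIDs are copied from the draft; the entry layout (attribute name to list of values), the sample entries, the placeholder armor body, the label value and the pGPFoo attribute are constructed here. pGPKeyID's OID is left unset because its definition falls in a part of the draft this page does not show, and since the draft's "one small modification" to pgp -kax output is likewise not shown, only the armor envelope (BEGIN/END lines) is checked.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Attribute types as the draft defines them (OIDs copied from the draft).
# pGPKeyID is named in the discussion but defined in a part of the draft not
# shown on this page, so only its single-valued rule is enforced here.
ATTRIBUTE_TYPES = {
    "pGPKey":    {"oid": "1.2.752.17.1.9",  "syntax": "IA5String",        "single": True},
    "pGPKeyRev": {"oid": "1.2.752.17.1.10", "syntax": "IA5String",        "single": True},
    "pGPUserID": {"oid": "1.2.752.17.1.13", "syntax": "caseIgnoreString", "single": True},
    "pGPKeyID":  {"oid": None,              "syntax": None,               "single": True},
    "pGPKeyURL": {"oid": "1.2.752.17.1.18", "syntax": "caseExactString",  "single": False},
}
# pGPKeyObject is auxiliary: MustContain nothing, MayContain the five above.
PGP_KEY_OBJECT_MAY = frozenset(ATTRIBUTE_TYPES)

_ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----$")
_ARMOR_END = re.compile(r"^-----END PGP ([A-Z ]+)-----$")


def is_ia5(value: str) -> bool:
    """IA5String holds 7-bit characters only; ASCII armor is 7-bit by design."""
    return all(ord(ch) < 128 for ch in value)


def is_ascii_armored(value: str) -> bool:
    """True if value is one ASCII-armored block: a BEGIN line, a body and an END
    line naming the same block type.  The draft's 'one small modification' to
    pgp -kax output is not shown on this page, so only the envelope is checked."""
    lines = [ln.rstrip("\r") for ln in value.strip().split("\n")]
    if len(lines) < 3:
        return False
    begin, end = _ARMOR_BEGIN.match(lines[0]), _ARMOR_END.match(lines[-1])
    return bool(begin and end and begin.group(1) == end.group(1))


def parse_pgp_key_url(value: str) -> tuple[str, str | None]:
    """Split a pGPKeyURL value into (url, label) as the draft describes: a URL,
    optionally followed by one or more spaces and a label (the label may itself
    contain spaces).  Raises ValueError if the URL part carries no scheme."""
    parts = re.split(r" +", value.strip(), maxsplit=1)
    url, label = parts[0], (parts[1] if len(parts) == 2 else None)
    if not urlsplit(url).scheme:
        raise ValueError(f"no URL scheme in {value!r}")
    return url, label


def validate_pgp_key_object(entry: dict[str, list[str]]) -> list[str]:
    """Return the schema problems found in the pGP* attributes of an entry
    (attribute name -> list of values, as in an LDIF record).  Attributes outside
    the pGP* family belong to the structural class and are skipped."""
    problems: list[str] = []
    for name, values in entry.items():
        if not name.startswith("pGP"):
            continue
        if name not in PGP_KEY_OBJECT_MAY:
            problems.append(f"{name}: not permitted by pGPKeyObject")
            continue
        spec = ATTRIBUTE_TYPES[name]
        if spec["single"] and len(values) > 1:
            problems.append(f"{name}: single-valued but has {len(values)} values")
        for v in values:
            if spec["syntax"] == "IA5String" and not is_ia5(v):
                problems.append(f"{name}: contains non-IA5 (8-bit) characters")
            if name in ("pGPKey", "pGPKeyRev") and not is_ascii_armored(v):
                problems.append(f"{name}: not an ASCII-armored PGP block")
            if name == "pGPKeyURL":
                try:
                    parse_pgp_key_url(v)
                except ValueError as exc:
                    problems.append(f"{name}: {exc}")
    return problems


# Constructed sample values: the armored body is placeholder text, not a key.
FAKE_ARMOR = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Version: 2.6.2\n\n"
    "mQCNAyConstructedPlaceholderBodyNotARealKey0000000000000000000=\n"
    "=abcd\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)
GOOD_ENTRY = {
    "cn": ["Example Person"],                  # from the structural class
    "objectClass": ["person", "pGPKeyObject"],
    "pGPKey": [FAKE_ARMOR],
    "pGPUserID": ["Example Person <example@example.org>"],
    "pGPKeyURL": ["http://keys.example.org/example.asc 0x12345678",
                  "ftp://ftp.example.org/pub/example.asc"],
}
BAD_ENTRY = {
    "objectClass": ["person", "pGPKeyObject"],
    "pGPKey": [FAKE_ARMOR, FAKE_ARMOR],                   # violates SingleValued
    "pGPKeyRev": ["Umeå revocation"],                     # 8-bit and not armored
    "pGPKeyURL": ["keys.example.org/example.asc label"],  # URL without a scheme
    "pGPFoo": ["x"],                                      # not in MayContain
}

if __name__ == "__main__":
    print("good:", validate_pgp_key_object(GOOD_ENTRY))
    print("bad:", *validate_pgp_key_object(BAD_ENTRY), sep="\n  ")
```

The single-valued check is what preserves the linkage the draft relies on: a second pGPKey value in the same entry would leave no way to tell which pGPKeyID or pGPUserID belongs to which key. The pGPKeyURL parser treats everything after the first run of spaces as the label, so a label containing spaces survives, while a bare host path with no scheme is rejected rather than silently stored as a key location that a client could never fetch.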
Security Considerations

   The basis for the use of PGP public keys is that you may validate
   them in two different ways if you get the public key over the net.
   The first way depends on the fact that the public key as it is
[skipping to change at page 4, line 29 (-01) / page 5, line 29 (-02)]

   [4] Howes, T., Rossen, K., Sataluri, S., and Wright, R., "Procedures
       for Formalizing, Evolving, and Maintaining the Internet X.500
       Directory Schema", Internet Draft (Work In Progress) of the Schema
       Working Group,
       <URL:ftp://ds.internic.net/internet-drafts/draft-howes-x500-schema-02.txt>

   [5] Atkins, D., Stallings, W. and Zimmerman, P., "PGP Message Exchange
       Formats", Internet Draft (Work in progress),
       <URL:ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-00.txt>

   [-02 only]
   [6] Mark Smith, "Definition of X.500 Attribute Types and an Object
       Class to Hold Uniform Resource Identifiers (URIs)", Internet Draft
       (Work in progress),
       <URL:ftp://ds.internic.net/internet-drafts/draft-ietf-asid-x500-url-02.txt>
Author's Address

   Roland Hedberg
   Umdac
   Umea University
   S-901 87 Umea, Sweden

   Phone: +46 90 165165
   Fax:   +46 90 166766
   EMail: Roland.Hedberg@umdac.umu.se

End of changes. 7 change blocks. 5 lines changed or deleted, 30 lines changed or added.

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/