Hoyt L Kesterson II | 5 Nov 2007 03:51

Free standards! Get your free standards here!


A few years ago ITU began several trials of free distribution of its 
recommendations. In the most recent trial, anyone could get three 
free recommendations in PDF. The recommendations had to be at least 
two years old.

ITU considers that experiment a substantial success. It recently 
announced that the experimental phase is over. The announcement can 
be found at 
http://www.itu.int/ITU-T/newslog/Free+Access+For+All+To+ITUT+Standards.aspx

One can now get any number of recommendations at no charge regardless 
of when the recommendations were published.

These are still copyrighted documents so one should probably not 
redistribute the actual standards. However, since they are online, 
one need only publish the appropriate URL.

Links to all recommendations can be found at 
http://www.itu.int/ITU-T/publications/recs.html

Links to the X series, including the X.500 series, can be found at 
http://www.itu.int/rec/T-REC-X/e These are in English; links for 
versions in French and Spanish can be found at the top right-hand 
corner of the page.

Links to the latest two editions of X.509, March 2000 and August 
2007, can be found at http://www.itu.int/rec/T-REC-X.509/en

Enjoy. I for one am grateful for the permanent adoption of this 

Hoyt L Kesterson II | 5 Nov 2007 09:35

Re: Free standards! Get your free standards here!


That's correct. The ASN.1 has always been freely available. Other work can include it in part or in whole.
That has not changed.

I suspect that identifying the Recommendation number and year of publication is adequate for
attribution. I identify both the ISO and ITU standards if appropriate. X.500 is collaborative work and
the standard is published identically by both organizations differing only in the foreword. For example
ITU-T Recommendation (or Rec.) X.509 (08 2005) and ISO/IEC 9594-8:2005. The practice in the standard is
to replace the "and" with the vertical bar character, as in Backus-Naur or Unix pipe. The addition of the
month to the ITU-T recommendation is recent with the last edition. Note also that for several editions of
the standard the dates are different for ISO and ITU since the practice of ITU is to use the date of plenary
approval and ISO uses the date of publication.

   hoyt

>Great news!
>
>Many of the standard documents contain ASN.1 definitions for various protocols.
>I recall a copyright policy document that said that ASN.1 definitions
>should be treated as contributed text and as such
>there were no restrictions on implementations based on these ASN.1 definitions.
>Is this correct?
>
>If that is correct, can it be clarified more explicitly?
>
>
>Also, if using the ASN.1 definitions verbatim from an ITU-T standard,
>are there any recommendations on how one should
>annotate the ASN.1 file to credit ITU-T ?
>

Erik Andersen | 5 Nov 2007 11:46

RE: Free standards! Get your free standards here!


Hi,

For your information, our X.500 site (http://www.x500standard.com/) has
direct links to all the latest X.500 documents. In addition you can find
information about the extension work.

Erik Andersen
Andersen's L-Service
Mobile: +45 20 97 14 90
e-mail: era <at> tdcadsl.dk
http://www.x500standard.com/
http://home20.inet.tele.dk/era/me

> -----Original Message-----
> From: owner-ietf-pkix <at> mail.imc.org [mailto:owner-ietf-pkix <at> mail.imc.org]
> On Behalf Of Hoyt L Kesterson II
> Sent: 5. november 2007 03:51
> To: Recipient List Suppressed:
> Subject: Free standards! Get your free standards here!
> 
> 
> A few years ago ITU began several trials of free distribution of its
> recommendations. In the most recent trial, anyone could get three
> free recommendations in PDF. The recommendations had to be at least
> two years old.
> 
> ITU considers that experiment a substantial success. It recently
> announced that the experimental phase is over. The announcement can
> be found at

Vijay K. Gurbani | 8 Nov 2007 18:37

sip-eku and sip-domain-certs drafts


Hello:

For a good part of this year, Scott Lawrence and I have been working
on the usage of X.509 certificates in SIP TLS connections.  As part
of that work, we have solicited -- and received excellent -- advice
from the PKIX WG on related issues (many thanks!).

The PKIX-related parts of the work have been defining a key usage
extension that identifies the holder of the certificate as
authoritative for a SIP service in a domain, and the interpretation
and usage of identities stored in a X.509 certificate when used
for SIP.

The original draft that was reviewed by the PKIX WG was
draft-gurbani-sip-domain-certs.  When this work was adopted as
a SIP WG deliverable, we split the draft into two.  One of these
drafts -- draft-ietf-sip-eku -- discusses EKU extension.  A
companion draft -- draft-ietf-sip-domain-certs -- describes
how to use identities in X.509 certificates and perform mutual
authentication between two SIP domains.

Now that the ideas and the work have been fully fleshed out, we
would kindly like to solicit a final review from PKIX on these
documents.  The URLs are:

http://tools.ietf.org/html/draft-ietf-sip-eku-00
http://www.ietf.org/internet-drafts/draft-ietf-sip-domain-certs-00.txt

Thank you in advance for your time and attention to this.

Turner, Sean P. | 8 Nov 2007 21:06

RFC3647 Question

Where would you put statements about physically moving a CA's private from one location to another (e.g., from New York to L.A.)?   There doesn't seem to be a place to put it in the RFC3647 format.  Has anybody got something like this in their CP/CPS?

spt

Scott Rea | 8 Nov 2007 21:53

Re: RFC3647 Question


Sean,

I am not quite sure what you are asking here? Are you talking about 
moving keys in terms of where back-ups (or perhaps archival data) are 
kept, or is there some reason an operational key needs to move??
Anyway the following 3 places may be good candidates...
6.1  Key pair generation and installation
6.2  Private Key Protection and Cryptographic Module Engineering Controls
6.3  Other aspects of key pair management

Regards,
-Scott

Turner, Sean P. wrote:
>
> Where would you put statements about physically moving a CA's private 
> from one location to another (e.g., from New York to L.A.)?   There 
> doesn't seem to be a place to put it in the RFC3647 format.  Has 
> anybody got something like this in their CP/CPS?
>
> spt
>

-- 
Scott Rea

Paul Hoffman | 8 Nov 2007 22:00

Fwd: I-D Action:draft-hoffman-pkix-new-asn1-00.txt


Greetings again. Jim Schaad and I have created a draft that contains 
revised ASN.1 modules for some of the standards-track RFCs for PKIX. 
These modules conform to ASN.1 2002. We want to see if people are 
interested in bringing the PKIX specs up to the new ASN.1 now that 
there is an open source, freeware ASN.1 compiler for ASN.1 2002, a2c 
(see <http://code.google.com/p/a2c/>).

This is definitely a first draft. There is a list of issues that we 
want to address, and we expect more issues to come up in the WG. 
Please review the draft and let us know what you think. FWIW, there 
is a parallel draft for CMS and S/MIME.

>A New Internet-Draft is available from the on-line Internet-Drafts 
>directories.
>
>	Title           : New ASN.1 Modules for PKIX
>	Author(s)       : P. Hoffman, J. Schaad
>	Filename        : draft-hoffman-pkix-new-asn1-00.txt
>	Pages           : 68
>	Date            : 2007-11-08
>
>The PKIX certificate format, and many associated formats, are
>expressed using ASN.1.  The current ASN.1 modules conform to the 1988
>version of ASN.1.  This document updates those ASN.1 modules to
>conform to the 2002 version of ASN.1.  There are no bits-on-the-wire
>changes to any of the formats; this is simply a change to the syntax.
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-hoffman-pkix-new-asn1-00.txt

--Paul Hoffman, Director
--VPN Consortium

Santosh Chokhani | 8 Nov 2007 22:22

RE: RFC3647 Question

Sean,


Sections 5.1.2, 5.2.2, and/or 6.2.2 are appropriate places.  They can address generation, backup transport and invocation of the CA private key requires multi-party control.  In addition, Section 5.1.2 can address the multi-party control on the HSM transportation.

 

From: owner-ietf-pkix <at> mail.imc.org [mailto:owner-ietf-pkix <at> mail.imc.org] On Behalf Of Turner, Sean P.
Sent: Thursday, November 08, 2007 3:07 PM
To: ietf-pkix <at> imc.org
Subject: RFC3647 Question

 

Where would you put statements about physically moving a CA's private from one location to another (e.g., from New York to L.A.)?   There doesn't seem to be a place to put it in the RFC3647 format.  Has anybody got something like this in their CP/CPS?

spt

Turner, Sean P. | 8 Nov 2007 22:29

RE: RFC3647 Question

Sorry I should have been more specific, I was definitely thinking about moving the HSM that has the private key from one location to another. 

From: Santosh Chokhani [mailto:chokhani <at> orionsec.com]
Sent: Thursday, November 08, 2007 4:22 PM
To: Turner, Sean P.; ietf-pkix <at> imc.org
Subject: RE: RFC3647 Question

Sean,


Sections 5.1.2, 5.2.2, and/or 6.2.2 are appropriate places.  They can address generation, backup transport and invocation of the CA private key requires multi-party control.  In addition, Section 5.1.2 can address the multi-party control on the HSM transportation.

 

From: owner-ietf-pkix <at> mail.imc.org [mailto:owner-ietf-pkix <at> mail.imc.org] On Behalf Of Turner, Sean P.
Sent: Thursday, November 08, 2007 3:07 PM
To: ietf-pkix <at> imc.org
Subject: RFC3647 Question

 

Where would you put statements about physically moving a CA's private from one location to another (e.g., from New York to L.A.)?   There doesn't seem to be a place to put it in the RFC3647 format.  Has anybody got something like this in their CP/CPS?

spt

Russ Housley | 8 Nov 2007 23:11

Re: RFC3647 Question


I think Sean is asking where to document the protection necessary if 
the CA is physically moved from one facility to another.

Russ

At 03:53 PM 11/8/2007, Scott Rea wrote:

>Sean,
>
>I am not quite sure what you are asking here? Are you talking about 
>moving keys in terms of where back-ups (or perhaps archival data) 
>are kept, or is there some reason an operational key needs to move??
>Anyway the following 3 places may be good candidates...
>6.1  Key pair generation and installation
>6.2  Private Key Protection and Cryptographic Module Engineering Controls
>6.3  Other aspects of key pair management
>
>Regards,
>-Scott
>
>
>Turner, Sean P. wrote:
>>
>>Where would you put statements about physically moving a CA's 
>>private from one location to another (e.g., from New York to 
>>L.A.)?   There doesn't seem to be a place to put it in the RFC3647 
>>format.  Has anybody got something like this in their CP/CPS?
>>
>>spt
>
>--
>Scott Rea
>
>

