lamps-wg / cmp-updates

RFC4210bis and RFC6712bis

Clarify if reference to ITU-T X.509 shall be updated to RFC 5280 #55

Closed HBrock closed 4 months ago

HBrock commented 4 months ago

Russ wrote:

Mike:

Hmm. 4210 pre-dates 5280. I suppose there are two questions here:

1) can someone who was around please illuminate on why 2510/4210 references an ISO doc and not an IETF doc (2459/3280/5280)?

I do not recall why RFC 2510 did not reference RFC 2459. However, the development of the two documents was going on at the same time. My guess is that we did not know which would reach the RFC Editor first.

2) Is it a trivial change to swap out the X.509 reference? Or will that turn into a cascade of difference-hunting and backwards compatibility? Is that worth doing?

Reference to RFC 5280 seems like the right thing to do today.

Russ

Michael wrote:

In https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc4210bis/ it says:

The term "certificate" in this document refers to an X.509v3 Certificate as defined in [ITU.X509.2000].

and I wondered why an ITU document is referred to, rather than RFC5280. Further, why the 2000 era document, when I think there is a 2019 one. {at least, the 2019 version is freely available, but I can't find the 2000 era document easily}

HBrock commented 4 months ago

RFC 2510 / RFC 4210 define “certificate” as defined in ITU-T X.509 in the abstract / in the introduction. Of course, the term “certificate” is used in many, many places.

RFC 2510 and RFC 4210 use the ASN.1 type Certificate as defined in RFC 2459. RFC 4210 introduces the ASN.1 type CMPCertificate.

      CMPCertificate ::= CHOICE {
         x509v3PKCert        Certificate
      }
      -- This syntax, while bits-on-the-wire compatible with the
      -- standard X.509 definition of "Certificate", allows the
      -- possibility of future certificate types […]

With the 2002 ASN.1 module updates, the type Certificate is imported from the 2002 ASN.1 module of RFC 5280. As the ASN.1 module in rfc4210bis is based upon that 2002 ASN.1 module, it clearly imports from RFC 5280. Therefore, I think it is safe to change the reference from ITU-T X.509 to RFC 5280.
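
The "bits-on-the-wire compatible" comment in the CMPCertificate definition quoted above can be shown at the DER level. The following is an added example, not part of the issue thread or of any RFC text: an untagged CHOICE contributes no octets, so a decoder selects the alternative from the outer tag alone. The names `read_tlv` and `decode_cmp_certificate` and the sample bytes are constructed for illustration.

```python
# Added example: DER handling of CMPCertificate ::= CHOICE { x509v3PKCert Certificate }.
SEQUENCE = 0x30  # outer tag of an X.509 Certificate (universal, constructed)

# Constructed placeholder with the outer shape of a Certificate, not a real one:
# SEQUENCE { SEQUENCE {}, SEQUENCE {}, BIT STRING }
SAMPLE_CERT = bytes.fromhex("3007" "3000" "3000" "030100")


def read_tlv(data: bytes):
    """Parse one DER TLV at the start of data; return (tag, value, end_offset)."""
    if len(data) < 2:
        raise ValueError("truncated header")
    tag, first, pos = data[0], data[1], 2
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        if pos + n > len(data):
            raise ValueError("truncated length")
        length = int.from_bytes(data[pos:pos + n], "big")
        if data[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length is not valid DER")
        pos += n
    if pos + length > len(data):
        raise ValueError("truncated value")
    return tag, data[pos:pos + length], pos + length


def decode_cmp_certificate(der: bytes):
    """Select the CMPCertificate alternative by outer tag; return (name, der)."""
    tag, _, end = read_tlv(der)
    if end != len(der):
        raise ValueError("trailing bytes after CMPCertificate")
    if tag == SEQUENCE:
        # The untagged CHOICE adds no octets, so these bytes are already
        # the complete Certificate encoding.
        return "x509v3PKCert", der
    # A later alternative would need a tag other than 0x30 to be distinguishable.
    raise ValueError(f"unknown CMPCertificate alternative, tag 0x{tag:02x}")


if __name__ == "__main__":
    print(decode_cmp_certificate(SAMPLE_CERT))
```

The bytes returned for `x509v3PKCert` are identical to the input, which is why a Certificate parser written against RFC 5280 can consume a CMPCertificate unchanged.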