[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LBER (BER restrictions)

To: Jim Sermersheim <JIMSE@novell.com>, mcs@netscape.com
Subject: RE: LBER (BER restrictions)
From: "Ramsay, Ron" <Ron.Ramsay@ca.com>
Date: Thu, 23 Nov 2000 12:28:07 +1100
Cc: ietf-ldapbis@OpenLDAP.org

Whoa! The exemption applies to ASN.1 values carried opaquely in the protocol
as OCTET STRINGs. This eliminates LDAPString, LDAPOID,
AuthenticationChoice.simple. Also, I don't think the format of the contents
of Control.controlValue, SaslCredentials.credentials,
ExtendedResponse.response are specified - they may be text.

The text should just say that ASN.1 values carried opaquely as octet strings
are not subject to the restriction.

Ron.

-----Original Message-----
From: Jim Sermersheim [mailto:JIMSE@novell.com]
Sent: Thursday, 23 November 2000 9:57
To: mcs@netscape.com
Cc: ietf-ldapbis@OpenLDAP.org
Subject: Re: LBER (BER restrictions)

Looking at this again, I suggest we enumerate all things that are OCTET
STRING values and explicitly state those that are exceptions to the BER
restrictions.

value                         exempt?

LDAPString                    no (are there special cases where this is
yes?)
LDAPOID                       no
AttributeValue                yes
AssertionValue                yes
Control.controlValue          no?
AuthenticationChoice.simple   yes?
SaslCredentials.credentials   yes
BindResponse.serverSaslCred   yes
ExtendedRequest.requestValue  no?
ExtendedResponse.response     no?

I'm not sure about those with ? marks.

>>> Mark Smith <mcs@netscape.com> 11/22/00 1:44:34 PM >>>
Jim Sermersheim wrote:
> 
> In section 5.1 of RFC 2251, after enumerating the restrictions on BER it
says:
> 
> "These restrictions do not apply to ASN.1 types encapsulated inside of
> OCTET STRING values, such as attribute values, unless otherwise noted."
> 
> I think this should also apply control values and extended operation
values.
> If so, I'll call those out as well here for clarification.

Are you suggesting that Control/controlValue,
ExtendedRequest/requestValue, and ExtendedResponse/response NOT be
subject to the BER restrictions outlined in section 5.1?  I would prefer
that they continue to be subject to the restrictions.  Why?  Because
controls and extensions can be standardized and there are advantages in
having the restrictions in place (both in terms of increased efficiency
and in terms of reduced complexity).

-- 
Mark Smith
Directory Product Development / Netscape

Prev by Date: RE: Critical controls
Next by Date: RE: Critical controls
Index(es):
- Chronological
- Thread