Actually, for many syntaxes that have been defined, I believe that the statement is more along the lines that the server MUST return an "equivalent" value, but it need not be the exact same stream of bytes.
Based on the discussion during the workgroup today, it sounded to me as though the "octet string" syntax was what SHOULD be used if the desired behavior is "bytes in == bytes out".
David Chadwick <d.w.chadwick@salford.ac.uk> Sent by: owner-ietf-ldapbis@OpenLDAP.org
12/12/2001 05:26 PM
To: ietf-ldapbis@OpenLDAP.org
cc:
Subject: storing certificates "as is"
Does anyone know where there is text that states that a server must return exactly the same information (attribute value) that was presented to it, either always or when the ;binary encoding is used? This is obviously essential for all signed values, e.g. certificates, CRLs etc.
Before I add this text into every schema definition for signed objects, it would be nice to know that an LDAPv3 bis document already contained text along these lines as a general statement, rather than making it specific to signed attribute values.
David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351 Fax +44 161 745 8169
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page: http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500: http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
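As an added illustration of the point raised in both messages above (this is not code from the thread): an ASN.1 "equivalent" value can legally come back from a directory as a different byte stream, which breaks any integrity check computed over the original encoding, whereas a byte-preserving (octet string style) store returns what was presented. The toy attribute store, the sample DER blob and the SHA-256 digest standing in for a certificate signature are all constructed for this example.

```python
import hashlib

# Constructed sample: DER-encoded SEQUENCE { INTEGER 5, UTF8String "Salford" }
SAMPLE_DER = bytes.fromhex("300c" + "020105" + "0c07" + "Salford".encode().hex())


def to_long_form_ber(der: bytes) -> bytes:
    """Re-encode a DER TLV stream with long-form lengths (0x81 LL).
    BER treats the result as the same abstract value, but the bytes differ."""
    out, i = bytearray(), 0
    while i < len(der):
        tag, length = der[i], der[i + 1]
        assert length < 0x80, "sample uses short-form lengths only"
        body = der[i + 2 : i + 2 + length]
        if tag & 0x20:  # constructed type: re-encode nested TLVs too
            body = to_long_form_ber(body)
        out += bytes([tag, 0x81, len(body)]) + body
        i += 2 + length
    return bytes(out)


def decode(ber: bytes):
    """Decode a TLV stream (short or 0x81 long-form lengths) into (tag, value) pairs.
    Used to show that the two encodings carry the same abstract value."""
    items, i = [], 0
    while i < len(ber):
        tag = ber[i]
        length, hdr = (ber[i + 2], 3) if ber[i + 1] == 0x81 else (ber[i + 1], 2)
        body = ber[i + hdr : i + hdr + length]
        items.append((tag, decode(body) if tag & 0x20 else body))
        i += hdr + length
    return items


def digest(value: bytes) -> str:
    # Stand-in for the issuer's signature, which covers the exact signed bytes.
    return hashlib.sha256(value).hexdigest()


def verify_roundtrip(preserve_bytes: bool, value: bytes) -> bool:
    """Toy directory attribute (an assumption for illustration): an 'equivalent'
    syntax may re-encode on store, an octet-string syntax keeps bytes as-is.
    Returns True only if the value read back still matches the issuer's digest."""
    issuer_digest = digest(value)
    stored = value if preserve_bytes else to_long_form_ber(value)
    return digest(stored) == issuer_digest
```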