
RE: storing certificates "as is"



(Presumably it means that certificates would be stored with certificate
syntax and recognised by the server as a special case. For other values, if
there is a need to store them exactly as they were added, define their
syntax to be octet string. -Ron)

-----Original Message-----
From: Volpers, Helmut [mailto:helmut.volpers@icn.siemens.de]
Sent: Thursday, 13 December 2001 21:30
To: 'Timothy Hahn'; ietf-ldapbis@OpenLDAP.org
Subject: RE: storing certificates "as is"


Tim, David,

What does this mean? Does it mean you want to give a Certificate
OctetString Syntax?
Does it mean you don't have to check the syntax and don't need special
matching rules?
What will be the equality matching rule, the issuer name and the serial
number or the complete octet string?

Helmut

-----Original Message-----
From: Timothy Hahn [mailto:hahnt@us.ibm.com]
Sent: Thursday, 13 December 2001 01:54
To: ietf-ldapbis@OpenLDAP.org
Subject: Re: storing certificates "as is"



David, 

Actually, for many syntaxes that have been defined, I believe that the
statement is more along the lines that the server MUST return an
"equivalent" value, but it need not be the exact same stream of bytes. 

Based on the discussion during the workgroup today, it sounded to me as
though the "octet string" syntax was what SHOULD be used if the desired
behavior is "bytes in == bytes out".

Regards,
Tim Hahn

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Endicott/IBM@IBMUS or IBMUSM00(HAHNT)
phone: 607.752.6388     tie-line: 8/852.6388
fax: 607.752.3681


David Chadwick <d.w.chadwick@salford.ac.uk>
Sent by: owner-ietf-ldapbis@OpenLDAP.org
12/12/2001 05:26 PM

To:      ietf-ldapbis@OpenLDAP.org
cc:
Subject: storing certificates "as is"

Does anyone know where there is text that states that a server must
return exactly the same information (attribute value) that was presented
to it, either always or when the ;binary encoding is used? This is
obviously essential for all signed values, e.g. certificates, CRLs etc.
Before I add this text into every schema definition for signed objects,
it would be nice to know that an LDAPv3 bis document already contained
text along these lines as a general statement, rather than making it
specific to signed attribute values.

thanks

David

--
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 161 745 8169
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5 

***************************************************************** 


#### d.w.chadwick.vcf has been removed from this note on December 12 2001 by
Timothy Hahn
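The point the thread circles around, that an "equivalent" value is not good enough for signed objects, can be shown in code. The following Python is an added example; it is not from this thread or from any LDAP server the participants discuss. A toy DER/BER encoder for a SEQUENCE OF INTEGER stands in for a certificate, and an HMAC over the octets stands in for the issuer's signature. The server-side re-encoding is legal BER (indefinite-length SEQUENCE, INTEGERs with a redundant leading zero) that decodes to the same value, yet the signature computed over the original octets no longer verifies, and an octet-by-octet equality rule such as octetStringMatch would not match it either. The key, values and helper names are all constructed for the example.

```python
import hashlib
import hmac


def der_length(n: int) -> bytes:
    """DER definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """INTEGER with the minimal two's-complement content octets DER requires (value >= 0)."""
    content = value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True)
    return b"\x02" + der_length(len(content)) + content


def der_sequence(*elements: bytes) -> bytes:
    """SEQUENCE in DER definite-length form."""
    content = b"".join(elements)
    return b"\x30" + der_length(len(content)) + content


def ber_integer_padded(value: int) -> bytes:
    """The same INTEGER with a redundant leading 0x00: legal BER, forbidden by DER."""
    content = b"\x00" + value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True)
    return b"\x02" + der_length(len(content)) + content


def ber_sequence_indefinite(*elements: bytes) -> bytes:
    """SEQUENCE in BER indefinite-length form, closed by the end-of-contents octets 00 00."""
    return b"\x30\x80" + b"".join(elements) + b"\x00\x00"


def _read_tlv(data: bytes, pos: int):
    """Return (tag, content, next_pos); accepts definite and indefinite lengths."""
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        # Indefinite length: walk the child elements until the end-of-contents octets.
        start = pos
        while data[pos:pos + 2] != b"\x00\x00":
            _, _, pos = _read_tlv(data, pos)
        return tag, data[start:pos], pos + 2
    else:
        n = first & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def decode_integers(encoded: bytes) -> list:
    """Decode a SEQUENCE OF INTEGER into Python ints, whichever encoding form was used."""
    tag, content, end = _read_tlv(encoded, 0)
    if tag != 0x30 or end != len(encoded):
        raise ValueError("expected exactly one SEQUENCE")
    values, pos = [], 0
    while pos < len(content):
        child_tag, child, pos = _read_tlv(content, pos)
        if child_tag != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(child, "big", signed=True))
    return values


def sign(octets: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the exact octets; stands in for the issuer's signature."""
    return hmac.new(key, octets, hashlib.sha256).digest()


def verify(octets: bytes, signature: bytes, key: bytes) -> bool:
    return hmac.compare_digest(sign(octets, key), signature)


KEY = b"constructed demo key"  # constructed value; stands in for the signer's key


def demonstrate() -> dict:
    """Compare what a client stored against an 'equivalent' re-encoding a server might return."""
    stored = der_sequence(der_integer(1), der_integer(65))  # octets the client added
    signature = sign(stored, KEY)                           # signature covers those octets
    returned = ber_sequence_indefinite(ber_integer_padded(1), ber_integer_padded(65))
    return {
        "same_value": decode_integers(stored) == decode_integers(returned),
        "same_octets": stored == returned,  # what an octet-string equality rule compares
        "original_verifies": verify(stored, signature, KEY),
        "reencoded_verifies": verify(returned, signature, KEY),
    }


if __name__ == "__main__":
    for name, result in demonstrate().items():
        print(f"{name}: {result}")
```

Running it shows `same_value: True` but `same_octets: False` and `reencoded_verifies: False`: this is why a value that must survive signature verification needs "bytes in == bytes out" storage, whether that is achieved by a certificate syntax the server treats as opaque or by declaring the attribute with octet string syntax.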