Re: storing certificates "as is"
Hi Kurt!
I think you are referring to draft-ietf-ldapbis-ldapv3-ts-00?
Thanks,
Kathy
"Kurt D. Zeilenga" wrote:
>
> At 03:26 PM 2001-12-12, David Chadwick wrote:
> >Does anyone know where there is text that states that a server must
> >return exactly the same information (attribute value) that was presented
> >to it, either always or when the ;binary encoding is used.
>
> To the best of my knowledge, there is no mandate that servers
> preserve values nor their representations. The technical
> specification hints at a few cases (including ;binary) where
> the representation may not be preserved and at least one case
> (directoryString) where the values may not be preserved.
>
> >This is obviously essential for all signed values eg certificates, CRLs etc.
>
> One would think that value preservation would be essential for
> many applications, and, for some applications (e.g., signed data),
> the preservation of the representation is as well. It would be
> quite appropriate for applications needing preservation of values
> or preservation of representation of values to state so in an
> applicability statement. They likely should do so on a per-syntax basis.
>
> That is, an LDAP applicability statement for PKI applications should
> state that servers shall preserve values and preserve representation
> of values for select syntaxes (certificates, CRLs, etc.).
>
> >Before I add this text into every schema definition for signed objects,
> >it would be nice to know that a LDAPv3 bis document already contained
> >text along these lines as a general statement, rather than making it specific to signed attribute values
>
> It doesn't. This lack of a mandate should be discussed in the
> technical specification.
>
> Kurt