
Re: storing certificates "as is"



Hi Kurt!

I think you are referring to draft-ietf-ldapbis-ldapv3-ts-00?

Thanks,
Kathy


"Kurt D. Zeilenga" wrote:
> 
> At 03:26 PM 2001-12-12, David Chadwick wrote:
> >Does anyone know where there is text that states that a server must
> >return exactly the same information (attribute value) that was presented
> >to it, either always or when the ;binary encoding is used?
> 
> To the best of my knowledge, there is no mandate that servers
> preserve values nor their representations.  The technical
> specification hints at a few cases (including ;binary) where
> the representation may not be preserved and at least one case
> (directoryString) where the values may not be preserved.
> 
> >This is obviously essential for all signed values, e.g. certificates, CRLs etc.
> 
> One would think that value preservation would be essential for
> many applications, and, for some applications (e.g., signed data),
> the preservation of the representation is as well.  It would be
> quite appropriate for applications needing preservation of values
> or preservation of representation of values to state so in an
> applicability statement.  They likely should do so on a per-syntax basis.
> 
> That is, an LDAP applicability statement for PKI applications should
> state that servers shall preserve values and preserve representation
> of values for select syntaxes (certificates, CRLs, etc.).
> 
> >Before I add this text into every schema definition for signed objects,
> >it would be nice to know that a LDAPv3 bis document already contained
> >text along these lines as a general statement, rather than making it
> >specific to signed attribute values.
> 
> It doesn't.  This lack of a mandate should be discussed in the
> technical specification.
> 
> Kurt
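
Added example, not part of the original thread: a sketch of the difference between preserving a value and preserving its representation, using a constructed DER structure and a hypothetical server that re-encodes the outer length in non-minimal BER form. SHA-256 stands in for the digest a signature would cover; all names and sample bytes are assumptions made for illustration.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Parse one BER/DER TLV (single-byte tag, definite length).
    Returns (tag, value_bytes, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length is in this octet
        length = first
    else:                                 # long form: low 7 bits = count of length octets
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length not handled")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def der_tlv(tag, value):
    """Encode with the minimal length form, as DER requires."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def ber_reencode(encoded):
    """Hypothetical server behaviour: same tag and contents, but a
    two-octet long-form length. Valid BER, not valid DER."""
    tag, value, _ = read_tlv(encoded)
    return bytes([tag, 0x82]) + len(value).to_bytes(2, "big") + value

def check_roundtrip(stored, returned):
    """Compare what the client wrote with what the server handed back."""
    ts, vs, _ = read_tlv(stored)
    tr, vr, _ = read_tlv(returned)
    return {
        "value_preserved": (ts, vs) == (tr, vr),
        "representation_preserved": stored == returned,
        "digest_matches": hashlib.sha256(stored).digest()
                          == hashlib.sha256(returned).digest(),
    }

# Constructed sample: SEQUENCE { INTEGER 5, UTF8String "cn=test" }
STORED = der_tlv(0x30, der_tlv(0x02, b"\x05") + der_tlv(0x0C, b"cn=test"))
RETURNED = ber_reencode(STORED)

if __name__ == "__main__":
    print(check_roundtrip(STORED, RETURNED))
```

The value survives the round trip while the octets do not, so a signature computed over the stored bytes would no longer verify against the returned ones.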