
RE: ;binary and userCertificate (Was: Private email ...)

It still hasn't been made clear how the proposed change will have a negative impact. As explained, the change will only increase interoperability.

I'll explain it again just to be clear (in point form):

- new PKIX spec defining X.509 syntaxes will define their native encoding as BER
- the native encoding would be identical to the ";binary" transfer syntax encoding (for X.509 syntaxes)
- this means ";binary" will not be mandatory to request these values
- no changes are needed to the LDAPbis specs (other than to remove any descriptions of X.509 syntaxes)
- clients that use ";binary" (for X.509 syntaxes) can continue to use this without any impact
- search, add or modify involving such syntaxes can use ";binary" or not - makes no difference

So you see, it's a win-win situation. What is the downside of making this change? It will only increase interoperability. Yes, there are examples of non-LDAPv2 problems but I will not get into specifics on this list. I have in a previous email detailed many issues on this topic.

Anyway, I don't see how you can simply ignore LDAPv2. How can you provide a migration path from LDAPv2 to v3 if you ignore it? There are customers using LDAPv2 today ... are you supposed to simply ignore that? Many server products on the market still accept LDAPv2 connections, therefore there is still a need for LDAPv2.

Chris.


> -----Original Message-----
> From: mcs@netscape.com [mailto:mcs@netscape.com]
> Sent: Thursday, February 21, 2002 10:21 AM
> To: Kurt D. Zeilenga
> Cc: Ramsay Ron; Christopher Oliva; LDAP BIS
> Subject: Re: ;binary and userCertificate (Was: Private email ...)
>
>
> Kurt D. Zeilenga wrote:
> >
> >> The standard no longer applies, so certificates can go their own way?
> >>
> >
> > Sure, you can throw out the old specification and start over.
> > I don't believe that is warranted in this case.
>
>
> I agree with Kurt. But clearly there are at least two points of view:
>
> (1) Those who believe ;binary was a bad idea with respect to certificate
> attributes (I'll leave other uses of ;binary out of this discussion).
> The introduction of ;binary caused more interoperability problems than
> it solved.
>
> (2) Those who believe ;binary was a useful idea with respect to
> certificate attributes. It allowed people to build standards-compliant
> LDAPv3 clients and servers that interoperate in this area.
>
> Now, I have never heard of any interoperability problems that involve an
> LDAPv3 client talking to an LDAPv3 server to search for, retrieve, or
> modify certificate attributes. In all operations, ;binary is used in the
> AttributeDescription. There is no ambiguity. Everyone is happy.
>
> Can someone who subscribes to (1) provide an example of an
> interoperability problem that does not involve LDAPv2?  If not, then the
> real question is whether we care about LDAPv2 any longer. I do not.
>
> -Mark Smith
>   Netscape
>
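The following Python sketch is an added example, not code from this thread, from any of its participants, or from any LDAP product. It shows what the proposal in the point-form list above amounts to for an implementation: if the native LDAP encoding of the X.509 syntaxes is the BER encoding, then `userCertificate` and `userCertificate;binary` name exactly the same octets and can be folded together, while for a string-syntax attribute such as `cn` the two descriptions must stay distinct. It also adds the sanity check a client would want on a received value, namely that it really is a BER SEQUENCE (an X.509 Certificate is an ASN.1 SEQUENCE) rather than base64 text. The set of attribute types treated as X.509 syntaxes, the simplified attribute-description grammar, and all sample byte strings are assumptions constructed for the example.

```python
from __future__ import annotations

import re

# Attribute types the deployment treats as having an X.509 syntax. The names are
# the usual LDAP names for the X.509 certificate/CRL attributes; which types a
# given server actually maps to X.509 syntaxes is an assumption of this example.
X509_SYNTAX_ATTRIBUTE_TYPES = frozenset({
    "usercertificate", "cacertificate", "crosscertificatepair",
    "certificaterevocationlist", "authorityrevocationlist",
    "deltarevocationlist", "supportedalgorithms",
})

# AttributeDescription = type *( ";" option ); type is a descriptor or numeric
# OID, options are case-insensitive. Simplified from the RFC 4512 ABNF.
_ATTRIBUTE_DESCRIPTION = re.compile(
    r"^([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)((?:;[A-Za-z0-9-]+)*)$"
)


def parse_attribute_description(descr: str) -> tuple[str, frozenset[str]]:
    """Split 'userCertificate;binary' into ('usercertificate', {'binary'})."""
    m = _ATTRIBUTE_DESCRIPTION.match(descr)
    if m is None:
        raise ValueError(f"not an attribute description: {descr!r}")
    attr_type = m.group(1).lower()
    options = frozenset(o.lower() for o in m.group(2).split(";") if o)
    return attr_type, options


def normalize_attribute_description(descr: str) -> str:
    """Canonical form in which ';binary' is redundant for X.509 syntaxes.

    If the native LDAP encoding of the X.509 syntaxes is the BER encoding, then
    'userCertificate' and 'userCertificate;binary' select exactly the same
    octets, so the option can be dropped. For any other attribute type the
    option is kept: there the ;binary form and the native form differ.
    Numeric-OID attribute types are not resolved to names here (simplification).
    """
    attr_type, options = parse_attribute_description(descr)
    if attr_type in X509_SYNTAX_ATTRIBUTE_TYPES:
        options = options - {"binary"}
    return ";".join([attr_type, *sorted(options)])


def same_attribute(a: str, b: str) -> bool:
    """True if two attribute descriptions select the same attribute values."""
    return normalize_attribute_description(a) == normalize_attribute_description(b)


def _ber_definite_length(buf: bytes, offset: int) -> tuple[int, int] | None:
    """Decode a definite-form BER length at buf[offset] -> (length, body_offset).

    Returns None for the indefinite form (0x80), a truncated buffer, or a
    length field longer than four octets, none of which a DER certificate uses.
    """
    if offset >= len(buf):
        return None
    first = buf[offset]
    if first < 0x80:
        return first, offset + 1
    n = first & 0x7F
    if n == 0 or n > 4 or offset + 1 + n > len(buf):
        return None
    length = int.from_bytes(buf[offset + 1:offset + 1 + n], "big")
    return length, offset + 1 + n


def looks_like_ber_sequence(value: bytes) -> bool:
    """Sanity check on a received value: a BER SEQUENCE whose length fits exactly.

    An X.509 Certificate is an ASN.1 SEQUENCE, so a correctly transferred value
    starts with tag 0x30 and its encoded length covers the remaining octets.
    A value that fails this (e.g. it starts with base64 text 'MII...') was not
    delivered in the BER encoding, whether or not ';binary' was requested.
    """
    if not value or value[0] != 0x30:
        return False
    decoded = _ber_definite_length(value, 1)
    if decoded is None:
        return False
    length, body_offset = decoded
    return body_offset + length == len(value)


# Constructed sample values (not real certificates): a short-form SEQUENCE
# holding INTEGER 1 and NULL, and a long-form SEQUENCE of 200 octets.
SAMPLE_SHORT_FORM = bytes.fromhex("30 05 02 01 01 05 00")
SAMPLE_LONG_FORM = b"\x30\x81\xc8" + b"\x04\x81\xc5" + b"\x00" * 197
SAMPLE_BASE64_TEXT = b"MIIBszCCAVw"  # how a base64/PEM body starts; not BER


if __name__ == "__main__":
    for descr in ("userCertificate;binary", "usercertificate", "cn;binary", "cn"):
        print(f"{descr:25} -> {normalize_attribute_description(descr)}")
    for name, value in (("short form", SAMPLE_SHORT_FORM),
                        ("long form", SAMPLE_LONG_FORM),
                        ("base64 text", SAMPLE_BASE64_TEXT)):
        print(f"{name:12} BER SEQUENCE? {looks_like_ber_sequence(value)}")
```

The normalization is deliberately asymmetric: only types in the X.509 set lose the `;binary` option, which is exactly the claim in the list above that existing clients requesting `userCertificate;binary` see no change while nothing else about `;binary` handling moves. The `looks_like_ber_sequence` check only validates the outer tag and length; it is a transfer-encoding check, not certificate parsing, and a real client would hand a value that passes it to an X.509 library.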