
RE: ;binary and userCertificate (Was: Private email ...)



Kurt,

Excuse me, but 1.3.6.1.4.1.1466.115.121.1.27 is not associated with INTEGER
from the X.500 point of view. INTEGER is pretty simple, but if you consider
PresentationAddress, I would say that the SYNTAX doesn't specify it at all.

This should be clarified by relating it more strongly to the X.500
definition (or including the definitions in, say, a syntax document) and
moving into the X.500 world by indicating that all syntaxes have an ASN.1
form and some also have a string form.

Thanks,

Ron.

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Friday, 22 February 2002 15:23
To: Ramsay, Ron
Cc: Phil Griffin; LDAP BIS
Subject: RE: ;binary and userCertificate (Was: Private email ...)


At 04:57 PM 2002-02-21, Ramsay, Ron wrote:
>Thanks, Phil, but I thought Kurt was referring to LDAP. He has been arguing
>that LDAP defines an ASN.1 type for its syntaxes, because he wants ;binary
>to transfer this type, but I have failed to find specific references in the
>LDAP specs.

Even if ;binary was stricken from RFC 2251, I would argue
that the LDAP syntax OID identifies the
corresponding ASN.1 data type in X.500.  Because without
this relationship, little of LDAP would actually make
sense.

For consider,
   ( 2.5.13.29 NAME 'integerFirstComponentMatch'
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

There is zero text in LDAP RFCs which says how to implement
this, but yet there are multiple interoperable implementations
of this matching rule.  Why?  Because 2.5.13.29 is associated
with the X.500 matching rule integerFirstComponentMatch
and 1.3.6.1.4.1.1466.115.121.1.27 is associated with
the ASN.1 data type INTEGER.

While the LDAP specification uses a poor mechanism to relate
OIDs with elements of X.500 schema, most implementors have
figured out not only that there are relationships, but
agree to which OID refers to what.  If they didn't agree,
things wouldn't interoperate.

In revising the specification, it's our job to clarify the
specification so that others may repeatedly develop implementations
which interoperate.  This will require being a lot clearer
about the relationship between LDAP and X.500.

I will take your above comments as indications of an area
where we need to provide clarification.

Kurt