[Date Prev][Date Next]
Michael Ströder wrote:
> Kurt D. Zeilenga wrote:
> > At 08:30 AM 2002-02-25, Christopher Oliva wrote:
> > >
> > > My argument here is that the current ldapv3 RFCs do not
> > > really say one way or another what should happen.
> > It doesn't need to. The specification requires the client to
> > request the userCertificate attribute using ;binary. If the
> > client fails this mandate, then the behavior it gets is undefined.
> > [..]
> > Clients are expected to request the userCertificate attribute
> > using ;binary. Clients which fail to follow the specification
> > will not interoperate with all compliant servers.
> Sorry for jumping in that late.
> Hmm, now you're telling us that e.g. a generic client has to explicitly
> request all attributes it might handle additionally with transfer encoding?
I don't think so. Section 4.3.1 of 2252 (Binary Transfer of Values)
says in part:
... Clients which request
that all attributes be returned from entries MUST be prepared to
receive values in binary (e.g. userCertificate;binary), and SHOULD
NOT simply display binary or unrecognized values to users.
and section 6.5 of 2252 (Certificate) says:
( 220.127.116.11.4.1.1418.104.22.168.8 DESC 'Certificate' )
Because of the changes from X.509(1988) and X.509(1993) and
additional changes to the ASN.1 definition to support certificate
extensions, no string representation is defined, and values in this
syntax MUST only be transferred using the binary encoding, by
requesting or returning the attributes with descriptions
"userCertificate;binary" or "caCertificate;binary". The BNF notation
in RFC 1778 for "User Certificate" is not recommended to be used.
I read that to say that servers are free to return
userCertificate;binary and other strings that end in ";binary" within
the AttributeDescriptions that are part of the SearchResultEntry
Unfortunately, I do not know where text that is similar to section 4.3.1
of 2252 appears in the LDAPbis I-Ds.
I believe it is common practice for LDAPv3 clients to expect to receive
userCertificate;binary in the AttributeDescription.
AOL Strategic Business Solutions
My words are my own, not my employer's.
- RE: ;binary
- From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ;binary
- From: Michael Ströder <firstname.lastname@example.org>