
Re: ;binary



Michael Ströder wrote:
> 
> Kurt D. Zeilenga wrote:
>  >
>  > At 08:30 AM 2002-02-25, Christopher Oliva wrote:
>  > >
>  > > My argument here is that the current ldapv3 RFCs do not
>  > > really say one way or another what should happen.
>  >
>  > It doesn't need to.  The specification requires the client to
>  > request the userCertificate attribute using ;binary.  If the
>  > client fails this mandate, then the behavior it gets is undefined.
>  > [..]
>  > Clients are expected to request the userCertificate attribute
>  > using ;binary.   Clients which fail to follow the specification
>  > will not interoperate with all compliant servers.
> 
> Sorry for jumping in that late.
> 
> Hmm, now you're telling us that e.g. a generic client has to explicitly
> request all attributes it might handle additionally with transfer encoding?

I don't think so.  Section 4.3.1 of 2252 (Binary Transfer of Values)
says in part:

   ... Clients which request
   that all attributes be returned from entries MUST be prepared to
   receive values in binary (e.g. userCertificate;binary), and SHOULD
   NOT simply display binary or unrecognized values to users.

and section 6.5 of 2252 (Certificate) says:

   ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )

   Because of the changes from X.509(1988) and X.509(1993) and
   additional changes to the ASN.1 definition to support certificate
   extensions, no string representation is defined, and values in this
   syntax MUST only be transferred using the binary encoding, by
   requesting or returning the attributes with descriptions
   "userCertificate;binary" or "caCertificate;binary".  The BNF notation
   in RFC 1778 for "User Certificate" is not recommended to be used.

I read that to say that servers are free to return
userCertificate;binary and other strings that end in ";binary" within
the AttributeDescriptions that are part of the SearchResultEntry
messages.

Unfortunately, I do not know where text that is similar to section 4.3.1
of 2252 appears in the LDAPbis I-Ds.

I believe it is common practice for LDAPv3 clients to expect to receive
userCertificate;binary in the AttributeDescription.

-- 
Mark Smith
AOL Strategic Business Solutions
My words are my own, not my employer's.
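
The client-side handling discussed in this message, as an added example that is not part of the original post: a generic client that asked for all attributes accepts "userCertificate;binary" as well as "userCertificate" in the returned AttributeDescription, and does not simply display binary or undecodable values. The function names and the sample entry are assumptions constructed for illustration.

```python
# Constructed sample: one SearchResultEntry's attributes as a client that asked
# for all attributes might receive them. The certificate bytes are made up.
SAMPLE_ENTRY = {
    "cn": [b"Example User"],
    "userCertificate;binary": [bytes.fromhex("3082010a0201")],
    "jpegPhoto": [b"\xff\xd8\xff\xe0"],
}


def parse_description(desc):
    """Split an AttributeDescription into (type, options), both lowercased."""
    attr, *options = desc.split(";")
    if not attr or any(not opt for opt in options):
        raise ValueError(f"malformed AttributeDescription: {desc!r}")
    return attr.lower(), frozenset(opt.lower() for opt in options)


def get_values(entry, attr_type):
    """Collect values for attr_type whether or not the server added ;binary."""
    wanted = attr_type.lower()
    found = []
    for desc, values in entry.items():
        # Simplification: values carrying any option are merged under the type.
        if parse_description(desc)[0] == wanted:
            found.extend(values)
    return found


def display_value(options, value):
    """Return text safe to show a user; never dump binary or undecodable bytes."""
    if "binary" not in options:
        try:
            text = value.decode("utf-8")
            if text.isprintable():
                return text
        except UnicodeDecodeError:
            pass
    return f"<binary value, {len(value)} bytes>"


def render_entry(entry):
    """Map each attribute type to display strings for all of its values."""
    shown = {}
    for desc, values in entry.items():
        attr, options = parse_description(desc)
        shown.setdefault(attr, []).extend(display_value(options, v) for v in values)
    return shown
```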