[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: I-D ACTION:draft-ietf-ldapbis-protocol-06.txt
<sigh>, I forgot to fix the bit about clients MUST NOT... Here's a
better one (I changes it to say "...MUST NOT expect servers to return an
attribute with the binary option..." rather than "...in the binary
format...". Hopefully this better reflects the intent.
If the "binary" option is present in an AttributeDescription, it
specifies that data within the AttributeValue(s) of the attribute be
transferred in protocol as BER encoded data according to the ASN.1 data
type corresponding to the attribute's LDAP syntax. The LDAP syntax is
indicated by the "SYNTAX" part of the AttributeTypeDescription.
The presence or absence of the "binary" option only affects the
transfer of attribute values in protocol; servers store any particular
attribute in a server-defined format. If a client requests that a server
return an attribute in the binary format, but the server cannot generate
that format, the server MUST treat the attribute type as unrecognized.
Similarly, clients MUST NOT expect servers to return an attribute with
the binary option if the client requested that attribute by name without
the binary option.
This option is intended to be used with attributes whose syntax is a
complex ASN.1 data type, but may be associated with any attribute whose
ASN.1 type is known.
>>> "Jim Sermersheim" <JIMSE@novell.com> 03/01/02 12:31PM >>>
Let's try this one:
"4.1.5.x. Binary Transfer Option
If the "binary" option is present in an AttributeDescription, it
specifies that data within the AttributeValue(s) of the attribute be
transferred in protocol as BER encoded data according to the ASN.1
data
type corresponding to the attribute's LDAP syntax. The LDAP syntax is
indicated by the "SYNTAX" part of the AttributeTypeDescription.
The presence or absence of the "binary" option only affects the
transfer of attribute values in protocol; servers store any particular
attribute in a server-defined format. If a client requests that a
server
return an attribute in the binary format, but the server cannot
generate
that format, the server MUST treat the attribute type as unrecognized.
Similarly, clients MUST NOT expect servers to return an attribute in
binary format if the client requested that attribute by name without
the
"binary" option.
This option is intended to be used with attributes whose syntax is a
complex ASN.1 data type, but may be associated with any attribute
whose
ASN.1 type is known."
(Note that AttributeValue is defined as an OCTET STRING containing
some
encoded data per the syntax and possibly further specified by a
transfer
option)
Jim
>>> David Chadwick <d.w.chadwick@salford.ac.uk> 02/24/02 04:17PM >>>
Jim
I think the new text for attribute descriptions is very good. Much
better than before, especially the description of subtyping. However,
the subsection on Binary Option (4.1.5.1) could still do with some
improvement I feel. Firstly, the section is not as clear as recent
email
we have had on the list, explaining that the attribute value, whatever
it is, is treated (or turned into) as an octet string containing BER,
and then a TL octet wrapper is placed around it.
Secondly, the section talks about overriding the native encoding and
sending it as BER instead. But then your example uses certificates,
that
are native BER encoded. So what overriding is there to take place. It
would seem like none, and therefore the effect of ;binary is null. In
other words the section does not clearly indicate to me what the
difference would be in transferring a certificate without ;binary and
one with i.e. certificate;binary. This is unfortunate and confusing
to
the reader. I suggest you use an example that is not a certificate,
but
is a simple string. You might then also add text to say what the
effect
of ;binary is on a value that is already BER encoded.
I find this sentence particular confusing
"Instead the attribute is to be transferred as
a binary value encoded using the Basic Encoding Rules [X.690]."
The reason it is confusing is that all values in BER are binary. So if
the value is already BER what more needs to be done to it? It would
seem
nothing.
Perhaps the sentence might read better as
"Instead the attribute value is transferred as an ASN.1
OctetStringType,
where the embedded octet string value is itself a BER encoded value"
The second sentence
"The
syntax of the binary value is an ASN.1 data type definition, which
is
referenced by the "SYNTAX" part of the attribute type definition."
also has some errors in it, and could then be changed to
"The syntax of the BER encoded value is an ASN.1 data type, which
must conform to the "SYNTAX" part of the AttributeTypeDescription."
Is that any better?
David
Jim Sermersheim wrote:
>
> All,
>
> This revision contains the changes recommended by the attribute
options
> engineering team. Please review section 4.1.5 carefully.
>
> Other changes are listed in section B.7
>
> Jim
>
> >>> <Internet-Drafts@ietf.org> 01/31/02 05:00AM >>>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the LDAP (v3) Revision Working Group of
> the IETF.
>
> Title : Lightweight Directory Access Protocol (v3)
> Author(s) : J. Sermersheim
> Filename : draft-ietf-ldapbis-protocol-06.txt
> Pages : 56
> Date : 30-Jan-02
>
> The protocol described in this document is designed to provide
access
> to directories supporting the [X.500] models, while not incurring
the
> resource requirements of the X.500 Directory Access Protocol (DAP).
> This protocol is specifically targeted at management applications
and
> browser applications that provide read/write interactive access to
> directories. When used with a directory supporting the X.500
> protocols, it is intended to be a complement to the X.500 DAP.
>
> A URL for this Internet-Draft is:
>
http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-protocol-06.txt
>
> To remove yourself from the IETF Announcement list, send a message
to
> ietf-announce-request with the word unsubscribe in the body of the
> message.
>
> Internet-Drafts are also available by anonymous FTP. Login with the
> username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
> "get draft-ietf-ldapbis-protocol-06.txt".
>
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> Internet-Drafts can also be obtained by e-mail.
>
> Send a message to:
> mailserv@ietf.org.
> In the body type:
> "FILE /internet-drafts/draft-ietf-ldapbis-protocol-06.txt".
>
> NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the
"FILE"
> command. To decode the response(s), you will need "munpack"
or
> a MIME-compliant mail reader. Different MIME-compliant mail
> readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been
split
> up into multiple messages), so check your local
documentation
> on
> how to manipulate these messages.
>
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351 Fax +44 161 745 8169
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page: http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500: http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************