
RE: Assertion values and ;binary



At 02:23 AM 2002-03-15, Volpers, Helmut wrote:
>3.      LDAP V3 ;binary
>
>The LDAP V3 ;binary option allows a client
>
>-       to retrieve an attribute value which will then be BER/DER encoded
>-       to tell the server to store the BER/DER value of an attribute
>without modifying it.

Actually, RFC 2251 explicitly says that ;binary affects only
transfer.
   The presence or absence of the "binary" option only affects
   the transfer of attribute values in protocol; servers store
   any particular attribute in a single format. 

Only for specific types, such as userCertificate, does LDAPv3
require values be stored in a particular format.  However,
nowhere does LDAP say that a server is to preserve the
form of the value or the value.

>5.      Handling the PKI attributes
>
>It seems that the way servers handle the ;binary option or the
>absence of the ;binary option cannot be the same for all attributes.

I believe the semantics of transfer options (or lack thereof)
not only can be defined the same for all attributes but must
be defined the same for all attributes.

>It has to depend on the fact if there is an LDAP Syntax/ native Syntax defined for this attribute or not.

I believe that specification of semantics dependent on whether
or not the specification currently provides an LDAP-specific
encoding is a mistake (specifications can change).

The semantics should be simple.
  - No transfer options indicates use of an LDAP-specific encoding.
  - The ;binary transfer option indicates use of the binary transfer
    encoding (e.g., BER).
  - Other transfer options indicate use of some other transfer encodings.

In all cases, if the implementation is unable or unwilling to
generate (for whatever reason) the indicated encoding, the
attribute description must be treated as unrecognized.

Kurt
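
The transfer-option semantics proposed in the message above, as an added example that is not part of the original post and not code from any LDAP server. The capability table, the function names and the x-foo option are assumptions made for the illustration; options the sketch does not implement are treated as unrecognized.

```python
from typing import Dict, List, Optional

LDAP_SPECIFIC = "ldap-specific"   # no transfer option present
BINARY = "binary"                 # ;binary transfer option (e.g., BER)

# Constructed capability table (hypothetical): the transfer encodings this
# implementation is able and willing to generate for each attribute type.
CAPABILITIES = {
    "cn": {LDAP_SPECIFIC},
    "usercertificate": {BINARY},
    "jpegphoto": {LDAP_SPECIFIC, BINARY},
}

# Transfer options this sketch implements.
KNOWN_TRANSFER_OPTIONS = {BINARY}


def select_encoding(attr_desc: str) -> Optional[str]:
    """Return the transfer encoding for an attribute description, or None
    when the description must be treated as unrecognized."""
    attr_type, *options = attr_desc.strip().lower().split(";")
    if not attr_type or any(not opt for opt in options):
        return None  # malformed, e.g. "cn;" or ";binary"
    if any(opt not in KNOWN_TRANSFER_OPTIONS for opt in options):
        return None  # an option this sketch does not implement
    if len(options) > 1:
        return None  # at most one transfer encoding can apply
    # The rule is the same for every attribute type: the option alone
    # (or its absence) names the encoding.
    encoding = options[0] if options else LDAP_SPECIFIC
    # Unable or unwilling to generate that encoding: unrecognized.
    if encoding not in CAPABILITIES.get(attr_type, set()):
        return None
    return encoding


def plan_response(requested: List[str]) -> Dict[str, str]:
    """Map each requested description to its encoding, dropping the
    descriptions that are treated as unrecognized."""
    plan = {}
    for desc in requested:
        encoding = select_encoding(desc)
        if encoding is not None:
            plan[desc] = encoding
    return plan


if __name__ == "__main__":
    print(plan_response(["cn", "userCertificate", "userCertificate;binary"]))
```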