
RE: LDAP Certificate transfer syntax
At 08:09 PM 2002-04-08, Christopher Oliva wrote:
>> >Here are some observations on the three cases: 
>> > 
>> >a) and b) 
>> >RFC 2252 clause 6.5 only mandates a binary encoding. 
>> >As previously pointed out by others, there is no absolute 
>> imperative that requires the use of the ";binary" option. 
>> 
>> How else would you indicate that the "binary" encoding was 
>> requested/used instead of the "string" encoding? 
>
>RFC 2252, 6.5 says that ".. values in this syntax MUST only be transferred using the binary encoding ..".

Yes.  And RFC 2251 makes it quite clear that ;binary is used
to indicate that the binary encoding was used instead of the
native string encoding.  If ;binary is not present, binary
transfer of the binary encoding is not used.

>Also, no other encoding is provided therefore only the binary encoding can be used.

Yes, so ;binary must be used.

>Although 4.3.1 lists two reasons to use the binary encoding, it does not say that other valid reasons or syntaxes cannot require the use of the binary encoding.

But RFC 2251 states when binary encoding is to be used and when
native encodings are to be used.

>Since the use of ";binary" is not mandatory for the Certificate syntax,

I disagree.

>and there is no other possible encoding, then the default encoding that is used (that must be used) is the binary encoding.

There is no such thing as the "default" encoding.  That term is
nowhere used in the specification.  There is the native string
encoding and there is the binary encoding.  Which one is used
is indicated by the absence or presence of transfer options.
If this wasn't the case, then clients would have no clue as to
what encoding was actually used.

>If the ";binary" option is used to explicitly specify the binary encoding, this results in the same encodings and this would also satisfy the RFC.

;binary must be present when the binary encoding is transferred.
;binary must not be present when the native encoding is transferred.

>> >c) 
>> >Nowhere in the ldapv3 RFCs is there a description of the 
>> behavior for this case. There is no justification to label 
>> this as non-conformant. 
>> 
>> You are right in that the RFC does not explicitly state this. 
>> 
>> But it should be obvious that "CN;binary" should not be 
>> returned unless "CN;binary" was requested.  Same goes 
>> for userCertificate. 
>> 
>
>Attributes must be returned according to their syntax encoding requirements. 

Values of a syntax can be encoded multiple ways for transfer.  The
encoding used is always indicated by the presence or absence of
transfer options such as ;binary.
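As an added illustration of the rule argued in this message (not code from the thread or from any LDAP implementation), the following Python shows how a client can let the presence or absence of the ";binary" transfer option, and nothing else, decide how a returned value is decoded, and how it can detect the case c) mismatch where the server returns "userCertificate" when "userCertificate;binary" was requested (or the reverse). The function names, the DER sanity check and the sample byte string are this example's own assumptions; the sample is a constructed minimal ASN.1 SEQUENCE, not a real certificate.

```python
"""Added example (not part of the original message): decide how an LDAP
attribute value is encoded purely from the ';binary' transfer option in
its attribute description, as RFC 2251 requires, and verify that the
server echoed the option the client asked for.
All helper names are the example's own; the DER sample is constructed."""

# Constructed sample: SEQUENCE { INTEGER 5 } -- 0x30 tag, length 3, body.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])


def parse_attribute_description(desc):
    """Split 'type;opt1;opt2' into (type, options).

    Attribute descriptions are case-insensitive (RFC 2251 4.1.5), so
    both the type and the options are normalised to lower case.
    """
    parts = desc.split(";")
    attr_type = parts[0].strip().lower()
    options = {o.strip().lower() for o in parts[1:] if o.strip()}
    return attr_type, options


def uses_binary_encoding(desc):
    """True iff the ';binary' transfer option is present on the description."""
    _, options = parse_attribute_description(desc)
    return "binary" in options


def looks_like_der(value):
    """Cheap structural check: a DER certificate is an ASN.1 SEQUENCE
    (tag 0x30) whose declared length covers exactly the rest of the buffer.
    This does not validate the certificate, it only rejects obvious junk."""
    if len(value) < 2 or value[0] != 0x30:
        return False
    first = value[1]
    if first < 0x80:                      # short-form length
        length, header = first, 2
    else:                                 # long-form length: 0x8n + n bytes
        n = first & 0x7F
        if n == 0 or len(value) < 2 + n:
            return False
        length = int.from_bytes(value[2:2 + n], "big")
        header = 2 + n
    return header + length == len(value)


def decode_value(desc, raw):
    """Return ('binary', bytes) when ';binary' is present, otherwise
    ('string', str) decoded as the native string encoding.
    A value claimed to be binary but not DER-shaped is rejected rather
    than guessed at, since there is no 'default' encoding to fall back to."""
    if uses_binary_encoding(desc):
        if not looks_like_der(raw):
            raise ValueError("%s: value is not BER/DER encoded" % desc)
        return "binary", raw
    return "string", raw.decode("utf-8")


def check_returned_description(requested, returned):
    """Case c) above: the attribute description the server returns must
    carry the same base type and the same ';binary' option as requested."""
    req_type, req_opts = parse_attribute_description(requested)
    ret_type, ret_opts = parse_attribute_description(returned)
    if req_type != ret_type:
        return False
    return ("binary" in req_opts) == ("binary" in ret_opts)


if __name__ == "__main__":
    print(decode_value("userCertificate;binary", SAMPLE_DER))
    print(decode_value("cn", b"Christopher Oliva"))
    print(check_returned_description("userCertificate;binary", "userCertificate"))
```

Because the check uses only the attribute description, a server that sends a DER blob under plain "userCertificate" will fail the UTF-8 decode rather than be silently accepted, which is exactly the ambiguity the message says the ";binary" option exists to remove.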