
AW: AW: LDAP Certificate transfer syntax



Kurt, Peter and Ron, thanks for your comments.

Let me make more precise what I mean with
*no choice* for *some attributes*.

As Peter said, there are additional dependencies directly connected
with the attribute type and the fact that some attributes do not have any string encoding possibilities.

For some attributes like certificates, the only possibility as transfer encoding is the binary encoding.
It is what I mean with "there is no choice".
And in this case, as Ron says, ;binary is redundant.

Other comments in Kurt's text.
Patrick


> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
> Sent: Tuesday, 9 April 2002 18:17
> To: Fantou Patrick
> Cc: Christopher Oliva; David Chadwick; Mark Wahl;
> steven.legg@adacel.com.au; 'LDAP BIS'; 'PKIX'
> Subject: Re: AW: LDAP Certificate transfer syntax
> 
> 
> At 10:44 AM 2002-04-09, Fantou Patrick wrote:
> >I am not sure this discussion really brings us further.
> 
> I think this discussion is bringing us further along.  It has,
> at least, boiled down this particular debate to one issue:
>    whether or not ;binary is required when the binary
>    encoding of a value is transferred in the protocol.
> 

For certificates in any case the binary encoding has to be transferred in the protocol.
So the presence or absence of ;binary cannot change anything here.

> >There is no choice with some attributes like certificates.
> 
> I would have to agree that this is no choice.  But I think
> we disagree on what that choice is.
> 
The choice is string encoding, when it exists, or binary encoding.

> One must transfer certificates in their binary encoding as
> indicated by ;binary.   Not only is this the intent of RFC
> 2251, but we have demonstrated interoperability between
> multiple independently developed implementations of this.
> 

One must always transfer certificates in their binary encoding.
And I am not sure that interoperability was demonstrated because
;binary was implemented correctly, or because the presence or the
absence of ;binary was ignored by the servers for the attribute types which do not have
any string encoding.

P.F.