[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ;binary migration solution

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: RE: ;binary migration solution
From: "Ramsay, Ron" <Ron.Ramsay@ca.com>
Date: Tue, 19 Nov 2002 12:22:37 +1100
Cc: Jim Sermersheim <jimse@novell.com>, ietf-ldapbis@OpenLDAP.org

Hallvard,

The message that you were replying to when I replied to yours was saying
exectly that - make ;binary a no-op. userCertificate;binary and
userCertificate are exactly the same.

As regards double wrapping, this should never occur in the case of values
represented in ASN.1. Plain strings, though, would be wrapped in an
octet-string wrapper. There was also some confusion about this as ALL values
are wrapped in an octet-string wrapper within the protocol.

Ron.

-----Original Message-----
From: Hallvard B Furuseth [mailto:h.b.furuseth@usit.uio.no]
Sent: Monday, 18 November 2002 22:41
To: Ramsay, Ron
Cc: Jim Sermersheim; ietf-ldapbis@OpenLDAP.org
Subject: RE: ;binary migration solution

Ramsay, Ron writes:
> With userCertificate, it doesn't matter how you ask for it, there is only
> one encoding possible, the raw BER.

Yes, that's why I suggestet it should do nothing about encoding.

Though IIRC there were (are?) programs who thought ;binary meant the
value should be wrapped in an extra BER envelope, I don't remember which
type.

> The presence of ;binary on either
> request or response is purely cosmetic.

However, some clients expect attribute to be named "userCertificate" or
"userCertificate;binary" and does not recognize the other form.

BTW, yet another way would be to just define ;binary as a tagging option
which does nothing.  If the directory is used both by clients that want
"userCertificate;binary" and clients that want "userCertificate", the
maintainer will have to add both forms.

-- 
Hallvard

Prev by Date: Re: the ;binary PKI question
Next by Date: Re: ;binary migration solution
Index(es):
- Chronological
- Thread