RE: A plan for PKIX, LDAPv3, and ;binary



At 06:42 PM 2002-11-21, Christopher Oliva wrote:
>I have a question about point 4. Specifically the sentence: 
>
>" Rather than be silent, we suggest that the PKIX syntax and schema document state the LDAP-specific encoding used in transfer without the ;binary option but deprecate its use. "
>
>What will be the impact of "but deprecate its use" to server implementations? 

I would hope the impact would be that ALL implementations
use "userCertificate;binary".

>I would prefer to remove the last 4 words of that sentence.
>
>I would like to see a more clear statement that servers will have to support requests for userCertificate as well as userCertificate;binary.

The current LDAPv3 technical specification [RFC 3377] does not
state what is to be returned when "userCertificate" is requested
(as this is a non-conformant request).  There are clients which
expect:
        a) return the certificate using "userCertificate;binary" or
        b) return the certificate using "userCertificate".

(as well as clients which accept either)

As a server cannot support both at the same time, there is
clearly an interoperability divide between implementations
of these behaviors.  To preserve interoperability on either
side of that divide, no statement is made which would require
a server implementation to cross the divide.

That is, it is suggested that servers not be restricted in
how they respond to a non-conformant request so as to allow
current interoperability with ill-behaving clients.

Kurt
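The "clients which accept either" behaviour mentioned above, as an added example that is not part of the original thread: a client-side lookup that finds the certificate whether the server returned it under "userCertificate" or "userCertificate;binary". It assumes the search result has already been decoded into a dict mapping attribute descriptions (as the server sent them) to lists of raw values; the sample entries and the DER stand-in are constructed, not real certificates.

```python
# Added example (not from the original thread). Assumes an entry is a
# dict {attribute description as sent by the server: [raw values as bytes]}.

def parse_attribute_description(desc: str) -> tuple[str, frozenset[str]]:
    """Split an LDAP attribute description into its type and option set.

    Attribute types and options are case-insensitive (RFC 4512), so both
    are lower-cased: 'userCertificate;binary' -> ('usercertificate', {'binary'}).
    """
    attr_type, *options = desc.split(";")
    return attr_type.strip().lower(), frozenset(o.strip().lower() for o in options if o.strip())


def find_certificates(entry: dict[str, list[bytes]], attr_type: str = "userCertificate") -> list[bytes]:
    """Return the values for attr_type whether or not the server used ;binary.

    Only the ;binary option is treated as equivalent to the bare type; any other
    option (e.g. a language tag such as ;lang-en) still distinguishes the description.
    """
    wanted = attr_type.lower()
    found: list[bytes] = []
    for desc, values in entry.items():
        base, options = parse_attribute_description(desc)
        if base == wanted and options <= {"binary"}:
            found.extend(values)
    return found


def looks_like_der_certificate(value: bytes) -> bool:
    """Cheap sanity check before handing the bytes to a real X.509 parser:
    a DER Certificate is a SEQUENCE (tag 0x30) whose encoded length matches
    the value length. This is not a full parse."""
    if len(value) < 2 or value[0] != 0x30:
        return False
    first = value[1]
    if first < 0x80:                      # short-form length
        length, header = first, 2
    else:                                 # long-form length: 0x8n, then n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(value) < 2 + n:
            return False
        length, header = int.from_bytes(value[2:2 + n], "big"), 2 + n
    return header + length == len(value)


# Constructed sample results: the same entry as two differently behaving
# servers might return it. FAKE_DER is a minimal DER SEQUENCE stand-in.
FAKE_DER = b"\x30\x03\x02\x01\x05"
ENTRY_BINARY = {"cn": [b"alice"], "userCertificate;binary": [FAKE_DER]}
ENTRY_PLAIN = {"cn": [b"alice"], "userCertificate": [FAKE_DER]}
```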