
Re: A plan for PKIX, LDAPv3, and ;binary




"Kurt D. Zeilenga" wrote:

> The current LDAPv3 technical specification [RFC 3377] does not
> state what is to be returned when "userCertificate" is requested
> (as this is a non-conformant request).  There are clients which
> expect:
>         a) return the certificate using "userCertificate;binary" or
>         b) return the certificate using "userCertificate".
> 
> (as well as clients which accept either)
> 
> As a server cannot support both at the same time, there is
> clearly an interoperability divide between implementations
> of these behaviors. 

Kurt,

Since servers typically must support LDAPv2 and LDAPv3 at the same time,
and LDAPv2 asks for userCertificate whilst LDAPv3 should ask for
userCertificate;binary, then clearly servers today SHOULD be able to
support both types of attribute request.

David

> To preserve interoperability on either
> side of that divide, no statement is made which would require
> a server implementation to cross the divide.
> 
> That is, it is suggested that servers not be restricted in
> how they respond to a non-conformant request so as to allow
> current interoperability with ill-behaving clients.
> 
> Kurt

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
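
The thread mentions clients that accept the certificate under either "userCertificate" or "userCertificate;binary". The sketch below is an added example, not part of the original message or of any server or client discussed in it, showing how such a tolerant client could normalise the returned attribute description. The function names and sample entries are hypothetical, and it goes slightly beyond the thread by also accepting the attribute's OID form (2.5.4.36).

```python
# Added illustration: tolerant client-side handling of the two attribute
# descriptions discussed in this thread. All names here are hypothetical.

USER_CERT_NAMES = {"usercertificate", "2.5.4.36"}  # short name and OID

def parse_attr_desc(desc):
    """Split an LDAP attribute description into (type, frozenset(options))."""
    parts = desc.strip().split(";")
    attr_type = parts[0].lower()
    if not attr_type:
        raise ValueError("empty attribute type in %r" % desc)
    options = frozenset(p.lower() for p in parts[1:] if p)
    return attr_type, options

def is_user_certificate(desc):
    """True for userCertificate with no option or only the ;binary option."""
    attr_type, options = parse_attr_desc(desc)
    return attr_type in USER_CERT_NAMES and options <= {"binary"}

def extract_user_certs(entry):
    """Collect certificate values from one search-result entry.

    `entry` maps returned attribute descriptions to lists of bytes values.
    Values returned under both spellings are merged and de-duplicated.
    """
    seen, certs = set(), []
    for desc, values in entry.items():
        if not is_user_certificate(desc):
            continue
        for value in values:
            # A DER certificate is an ASN.1 SEQUENCE, so the first octet is 0x30.
            if not value or value[0] != 0x30:
                raise ValueError("value under %r is not DER" % desc)
            if value not in seen:
                seen.add(value)
                certs.append(value)
    return certs

# Constructed sample entries (placeholder bytes, not real certificates).
FAKE_DER = b"\x30\x03\x02\x01\x01"
ENTRY_A = {"userCertificate;binary": [FAKE_DER], "cn": [b"Test User"]}
ENTRY_B = {"usercertificate": [FAKE_DER], "cn": [b"Test User"]}
```

Both sample entries yield the same single value, so the calling code does not need to know which side of the divide the server is on.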