Escaping in URIs (Was: draft-ietf-ldapbis-filter-03.txt)

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

Steven Legg writes:
> The string representation of LDAP search filters is used in LDAP URLs.
> LDAP URLs are present in Referrals in components of type LDAPString.
> LDAPString is required to contain UTF-8 encoded characters.
> If octets in the range 0x80 to 0xff in arbitrary octet data in assertion
> values are not escaped then they could potentially represent invalid
> UTF-8 encodings. Escaping octets > 0x7f means that the filter string
> is ASCII and therefore also valid UTF-8.

Good point.  For the LDAPURL draft, that is:-)
I think last paragraph of [LDAPURL] section 5 covers it, but maybe it
wouldn't hurt to end that pargaraph with something like "Thus, a
generated LDAP URL MUST be an IA5 string, though implementations SHOULD
be prepared to accept other valid UTF-8 strings.".

There is a bug in that paragraph, BTW:

>   Note that characters that are not safe (e.g., spaces) (as defined in
>   section 2.1 of [RFC2396]), (...)

RFC2396 doesn't define "safe", and section 2.1 certainly doesn't - that
is about characters vs. octets.  I think it should be something like:

    Note that characters that are not an "uric" character, as defined
    in {Appendix A or section 2} of [RFC2396], (...)

-- 
Hallvard