[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Models: Matching Rule Uses


"Kurt D. Zeilenga" wrote:
> 
> At 11:42 PM 2/12/2003, Hallvard B Furuseth wrote:
> >Example: [Syntaxes] 5.2.3 caseIgnoreIA5Match says:
> >
> >   The caseIgnoreIA5Match rule compares an assertion value of the IA5
> >   String syntax to an attribute value of a syntax (e.g the IA5 String
> >   syntax) whose corresponding ASN.1 type is IA5String.
> 
> This wording, I think, is overly restrictive.  It's not necessary
> for the assertion value here to be an IA5String or even contain an
> IA5String.  What is necessary is a well-defined algorithm for
> performing the assertion against a value of the attribute type's
> syntax.

I disagree. If you have a well defined algorithm, say Katakana to ASCII,
then you should have a new matching rule for this, called KatakanaIA5
matching rule, and describe the algorithm in this new rule.

The IA5 matching rule should be purely for IA5 strings, as per the
existing definition.

> 
> >So caseIgnoreIA5Match can be used with attributes whose corresponding
> >ASN.1 type is IA5String, but not e.g. bit string syntax.  I'm hoping
> >that this also means that a caseIgnoreIA5Match matching rule use can
> >only list attributes whose corresponding ASN.1 type is IA5String.
> 
> No, the assertion syntax and attribute value syntax can be quite
> different.

Currently this is not so. They can be different, but only if the
assertion syntax is a subtype of the attribute value syntax e.g, you can
have an assertion syntax in IA5, for an attribute value syntax that is a
sequence of things with a string as the first component (as in string
first component match), or in IA5 for an attribute value of directory
string (which can be a range of different character sets)

David

> 
> Kurt

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
begin:vcard 
n:Chadwick;David
tel;cell:+44 77 96 44 7184
tel;fax:+44 1484 532930
tel;home:+44 1484 352238
tel;work:+44 161 295 5351
x-mozilla-html:FALSE
url:http://www.salford.ac.uk/its024/chadwick.htm
org:University of Salford;IS Institute
version:2.1
email;internet:d.w.chadwick@salford.ac.uk
title:Professor of Information Security
adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England
note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500:  http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5
x-mozilla-cpt:;-4856
fn:David Chadwick
end:vcard