authmeth-16 notes
Section 3.1.5 is definitely better. A couple of minor points:

rule #3, "leftmost RDN" is probably a bad choice. "least significant
RDN" might be better.

X.500 never specified a left/right display order for DNs; it only
defines them as a sequence in descending order from the root down. It
was common practice with X.500 tools to display DNs in left-to-right
order, like a filesystem: /rootrdn/nextrdn.../lastrdn and it was common
for packages like (older versions of) OpenSSL to use this order as well
when displaying DNs in X.509 certificates. While LDAP specifies a
right-to-left order for DNs, people working with these older certificate
management tools may still be presented with X.500-style DNs. This
ordering ambiguity still causes a lot of confusion for users and
administrators. I wonder if it would be worthwhile to add an explanatory
note about this point to Appendix A.

More minor stuff:

3.1.5.2 is missing a word in the last sentence. Probably should be "A
match occurs *if* the reference ..."

There are other missing articles/infinitives as well; I haven't finished
reading yet.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
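
Added example, not part of the original message and not code from OpenLDAP or the authmeth draft: a small Python sketch of the ordering ambiguity described above, showing that "leftmost RDN" names a different RDN depending on the display form, while "least significant RDN" does not. The sample DNs and all function names are constructed for illustration, and the splitter is a simplification (backslash escapes only, no quoted strings or hex values), not a full DN parser.

```python
def split_unescaped(s, sep):
    """Split s on sep, leaving backslash-escaped characters untouched."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2]); i += 2
        elif s[i] == sep:
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(s[i]); i += 1
    parts.append("".join(cur))
    return parts

def parse(display):
    """Return the RDNs in X.500 sequence order (root first) for either form."""
    if display.startswith("/"):
        # /rootrdn/nextrdn.../lastrdn: root is written first
        return [r for r in split_unescaped(display, "/") if r]
    # LDAP string form: least significant RDN is written first
    return [r.strip() for r in reversed(split_unescaped(display, ","))]

def leftmost_as_displayed(display):
    """The RDN a reader sees at the left edge of the displayed string."""
    rdns = parse(display)
    return rdns[0] if display.startswith("/") else rdns[-1]

def least_significant_cn(rdns):
    """CN value from the last RDN in sequence order, or None if it has none."""
    if not rdns:
        return None
    for ava in split_unescaped(rdns[-1], "+"):   # multi-valued RDN
        attr, _, value = ava.partition("=")
        if attr.strip().lower() == "cn":
            return value.strip()
    return None

# Constructed sample: the same subject DN in both display forms.
LDAP_FORM = "CN=ldap.example.com,OU=Directory\\, East,O=Example,C=US"
SLASH_FORM = "/C=US/O=Example/OU=Directory\\, East/CN=ldap.example.com"

if __name__ == "__main__":
    for shown in (LDAP_FORM, SLASH_FORM):
        print(shown)
        print("  leftmost as displayed :", leftmost_as_displayed(shown))
        print("  least significant CN  :", least_significant_cn(parse(shown)))
```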