
RE: draft-smith-ldap-inetorgperson-02.txt



See comments below.

 > -----Original Message-----
 > From: mcs@netscape.com [mailto:mcs@netscape.com]
 > Sent: Thursday, February 25, 1999 11:12 AM
 > To: Salter, Thomas A
 > Cc: [ldap v3 mailing list]; ietf-ldapext@netscape.com
 > Subject: Re: draft-smith-ldap-inetorgperson-02.txt
 > 
[deleted]
 > 
 > 
 > Probably, although in light of comments from others it might make the
 > most sense to say it is multivalued but operationally it should only
 > contain at most one value per language, e.g., it is acceptable to have
 > two values like these:
 > 
 >     displayName;lang-en: Mark Smith
 >     displayName;lang-fr: Marcel Smith
 > 
 > but not two like these:
 > 
 >     displayName: Mark Smith
 >     displayName: Mark C Smith
 > 

I've always been confused about language tags.  Is the first example showing two
different values of the attribute displayName, or two different attributes
which are subtypes of displayName?  I read RFC2251 to say that they are
subtypes, in which case the single-valued rule can apply to each.


 > 
 > > ...
 > > 2. userSMIMECertificate and userPKCS12 both have syntax OCTET STRING, yet
 > > the descriptions say they should always be requested in binary form.  If the
 > > intention is that these are always accessed in BER form, then wouldn't the
 > > BINARY syntax (1.3.6.1.4.1.1466.115.121.1.5) be more appropriate?  If they
 > > are just any arbitrary sequence of bytes, the OCTET STRING without the
 > > ;binary option is sufficient.  As it is defined, they will always need an
 > > OCTET STRING wrapper around the actual value.
 > 
 > I agree -- the syntaxes should probably be changed to BINARY.  But
 > section 4.3.1 RFC 2252 makes it sound like any time "attrtype;binary" is
 > used to retrieve an attribute value the raw bits will be sent, so I am
 > not sure it matters much in practice to LDAP clients.
 > 

It matters very much when LDAP interoperates with X.500.  If the syntax is
OCTET STRING, then the BER type must be an octet string.  The "binary" tag
does not mean that any arbitrary raw bit pattern is acceptable, but that a
legal BER-encoded value is being passed.  If you just want to store raw
bits, then the syntax should be octet string, and the binary tag should not
be used.

Changing the syntax to BINARY resolves this issue.


[deleted]
 > -- 
 > Mark Smith
 > Directory Architect / Netscape Communications Corp.
 > My words are my own, not my employer's.  Got LDAP?
 > 

Tom Salter
Unisys Corporation
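
The OCTET STRING wrapper discussed in this message, as an added example that is not part of the original e-mail or of the draft: under the reading given in the reply, a value whose syntax is OCTET STRING and that is transferred with ;binary must itself be a BER OCTET STRING, so raw bytes or a bare SEQUENCE do not qualify until they are wrapped. The function names and sample bytes are constructed for illustration; only primitive, definite-length encodings with single-byte tags are handled.

```python
# Constructed sample inputs (not real certificate or PKCS #12 data).
RAW = bytes.fromhex("deadbeef00ff")       # arbitrary raw bytes
SEQ = bytes.fromhex("3003020105")         # SEQUENCE { INTEGER 5 }

def ber_length(n: int) -> bytes:
    """Definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def wrap_octet_string(raw: bytes) -> bytes:
    """Primitive OCTET STRING (universal tag 0x04) around raw bytes."""
    return b"\x04" + ber_length(len(raw)) + raw

def parse_single_tlv(blob: bytes):
    """Return (tag, contents) when blob is exactly one definite-length TLV
    with a single-byte tag; raise ValueError otherwise."""
    if len(blob) < 2:
        raise ValueError("too short for tag and length")
    tag, first, pos = blob[0], blob[1], 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are outside this example")
    if first < 0x80:
        length = first
    elif first in (0x80, 0xFF):
        raise ValueError("indefinite or reserved length octet")
    else:
        n = first & 0x7F
        if len(blob) < 2 + n:
            raise ValueError("truncated length field")
        length, pos = int.from_bytes(blob[2:2 + n], "big"), 2 + n
    if len(blob) - pos != length:
        raise ValueError("length field does not match the data")
    return tag, blob[pos:]

def is_ber_octet_string(blob: bytes) -> bool:
    """True only for a well-formed primitive OCTET STRING encoding."""
    try:
        return parse_single_tlv(blob)[0] == 0x04
    except ValueError:
        return False

if __name__ == "__main__":
    for name, value in (("raw", RAW), ("sequence", SEQ),
                        ("wrapped", wrap_octet_string(SEQ))):
        print(name, value.hex(), is_ber_octet_string(value))
```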