Re: substring matching rules

[mcs@netscape.com (Mark C Smith)]

I don't have access to all of the right standard documents here, but I
suspect that the NumericString syntax is compatible with
DirectoryString.  Not true for bitString or octetString... in fact,
X.521 includes this definition:

  octetStringSubstringsMatch MATCHING-RULE ::= {
    SYNTAX OctetSubstringAssertion
    ID id-mr-octetStringSubstringsMatch }

  OctetSubstringAssertion ::= SEQUENCE OF CHOICE {
    initial [0] OCTET STRING,
    any [1] OCTET STRING,
    final [2] OCTET STRING }
   -- at most one initial and one final component

which is very similar in concept to your bitStringSubstringsMatch
example.

It would be nice to add some text about all of this to RFC2252-bis when
it is created.

-- 
Mark Smith
Directory Product Development / iPlanet E-Commerce Solutions
My words are my own, not my employer's.            Got LDAP?



"Kurt D. Zeilenga" wrote:
> 
> So, if I want to define a bitString substring matching rule
> where each asserted component is a bitString, I should define
> a bitStringSubstrings (assertion) syntax and than use this as
> the syntax of asserted values of bitStringSubstringsMatch?
> 
> Okay, so why?
> 
> ( 2.5.13.10 NAME 'numericStringSubstringsMatch'
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
> 
> This says that each asserted substring component is of
> directoryString syntax.  I would think each asserted substring
> component should be of numericString syntax.