[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: clarification: ;binary

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, Christopher Oliva <Chris.Oliva@entrust.com>
Subject: RE: clarification: ;binary
From: "Ramsay, Ron" <Ron.Ramsay@ca.com>
Date: Thu, 8 Jun 2000 11:43:28 +1000
Cc: "'LDAP EXT'" <ietf-ldapext@netscape.com>

Kurt,

It is not true that

"attribute descriptions with the
";binary" option are transferred using the BER encoding of their
syntax wrapped in an octetString."

Attributes should be transferred using their native encoding. If they are
strings then an encoding is defined for them which is simply wrapping in an
octet string.

BER values are NOT wrapped in octet strings.

Ron.

-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, 8 June 2000 7:17
To: Christopher Oliva
Cc: 'LDAP EXT'
Subject: Re: clarification: ;binary

At 03:14 PM 6/7/00 -0400, Christopher Oliva wrote:
>
>I often have to explain this issue to people so I thought I would raise it
>once again on the list and hope that it will get clarified in the updated
>version of RFC 2251.
>
>There are four common interpretations for the use of ";binary":
>
>1) It is used to override the BNF string syntax of values by encoding them
>in BER

This interpretation is close.  attribute descriptions with the
";binary" option are transferred using the BER encoding of their
syntax wrapped in an octetString.  Some attribute types must
be transferred using this mechanisms, others may (depending
upon implementation support).

>2) It is used to transport values where the only known/possible syntax is a
>complex ASN.1 syntax (i.e. attributeCertificate)

No. ;binary may be used with any and all attribute types (assuming
server support) irregardless of whether a string syntax is available.

>3) It can optionally be used to transport values that have the "Binary"
>syntax (the values must be BER encoded).

Yes, and this is generally recommended and in some cases required.

>4) It is used to transport values that are non-printable (i.e. a string of
>bytes that is not UTF8).

No.  It's used to transfer BER encoded (per syntax) attribute values
(wrapped in an octetString).

>As far as I'm aware, the ldap RFCs do not state that ";binary" and a BER
>encoding of values must be used for case number 4. In other words, there
are
>cases where an attribute syntax is a non-printable string of bytes and the
>use of ";binary" is not required. One example of this is the Octet String
>syntax.

Correct.  The lack of ;binary does not imply that the value is
a printable string.  It's whatever the syntax defines as a
"string" representation.  That could be any old blob.

>For example, if I have an attribute named "private" with an Octet String
>syntax, I can transmit this in ldap with the attribute description
"private"
>and encoded as 2 bytes "FFFF". It is not necessary to transmit this with
the
>attribute description "private;binary" and encoded as 4 bytes "0402FFFF".

Yes.  We RFC 2252, 4.3 for clarification.

Follow-Ups:
- RE: clarification: ;binary
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: RE: clarification: ;binary
Next by Date: RE: clarification: ;binary
Index(es):
- Chronological
- Thread