[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memory leaks

At 10:01 AM 2001-12-05, Julio Sanchez Fernandez wrote:
>El mié, 05-12-2001 a las 18:33, Kurt D. Zeilenga escribió:
>> Guessing that a DER encoded 1 should be represented as "1"
>> is wrong in both cases....
>> BTW, I've similar naming attributes in the real world.
>I do not dispute that and I think I implied it. Notice, however, that
>the set of attributes used in certificate DNs is extremely limited.

Yes, but they are used (I've seen them)...

>As a matter of fact, lots of software plain breaks if you try to use any
>attribute beyond CN, L, OU, O, C and the like.

Yes, if the attribute is not in the RFC 2253 table, it really
should be encoded using 0.I.D=#BER format.  Otherwise,
interoperability is limited.

>I think that the only common problem is directoryString choice
>determination, that is covered by the ASN1 tag.

>[Except for the quirk that teletexString-tagged ISO-8859-1 is
>commonplace and, as a matter of fact, is the only de-facto interoperable
>way to have (Western European) accents in DNs. Go figure...]

Yes.  And, IMO, the only way to gain wide-spread interoperability
is NOT to treat CHOICE IA5 string "foo" as being different from
CHOICE UniveralString "foo" from CHOICE ... "foo".   Implementations
needs to transcode everything to UniversalString (encoded as
UTF-8 in LDAP).