
Re: Assertion values and ;binary




Mark C Smith wrote:

> The recommendation in the last paragraph is not fully backwards
> compatible. Once again, section 6.5 of RFC 2252 ("Certificate") says:
> 
>     ... values in this syntax MUST only be transferred using the
>     binary encoding ...
> 

Mark,

remember that certificates are to be removed from RFC 2252 Bis, so that
this proposed standard will no longer be the definitive voice for
certificates.

> (sorry; I can't read it any other way). Because of 2252, today we have
> LDAP clients that always include ;binary (and they will continue to work
> if we adopt your recommendation). But we also have compliant LDAPv3
> servers that will not accept or recognize attribute descriptions such as
> "userCertificate" (because the ;binary, which is mandated by 2252, is
> missing).

This is probably less of a problem if these servers refuse to accept
such an attribute in a Modify operation, but would be a problem if they
accepted it and then refused to return it on a Search!

> I believe that by adopting your proposal we will create a
> situation where clients that comply with this new proposal fail to
> interoperate with a server that complies with RFC 2252. Of course the
> servers will be updated in due time, but there will be some confusion in
> the meantime.
> 

Yes, I did an analysis of this in a previous message of 19 Feb (I did a
2 x 2 matrix) and there would indeed be a problem with new clients not
using ;binary working with old servers that expected it.

David


> -Mark Smith
>   Netscape

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 161 745 8169
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************