Colleagues
Here is my proposed change to the section describing the LDAP syntax for
certificates in the PKIX ID
<draft-pkix-ldap-schema-03.txt> which should be published before the end
of April. As this is likely to be the most contentious part of the new
ID, I thought it would be useful to distribute this text at the earliest
possible moment.
All constructive comments welcomed
David

3.3 Certificate Syntax
A value in this transfer syntax is the binary octet string that results
from BER or DER-encoding of an X.509 public key certificate. The
following string states the OID assigned to this syntax:
( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )
Servers must preserve values in this syntax exactly as given when
storing and retrieving them.
Note. Due to the changes from X.509(1988) to X.509(1993) and subsequent
changes to the ASN.1 definition to support certificate extensions in
X.509(1997), no character string transfer syntax is defined for
certificates. The BNF notation in RFC 1778 [12] for "User Certificate"
MUST NOT be used. Values in this syntax MUST be transferred as BER or
DER encoded octets. The use of the ;binary encoding option, i.e. by
requesting or returning the attributes with descriptions
"userCertificate;binary" or "caCertificate;binary" has no effect on the
transfer syntax.
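
Added example (not part of the draft or of the original message): why the "preserve values exactly as given" rule matters. A verifier hashes the to-be-signed octets of the certificate, so a server that decodes and re-encodes a value changes the digest even when the decoded content is identical. The two byte strings are constructed toy values, not real certificates, and all function names are hypothetical.

```python
import hashlib

def read_tlv(buf, off=0):
    """Return (tag, value_start, value_end, der_length) for the TLV at off.
    Single-octet tags and definite lengths only."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                       # short form
        length, start, der_length = first, off + 2, True
    elif first == 0x80:
        raise ValueError("indefinite length: legal BER, not handled here")
    else:                                  # long form: n length octets follow
        n = first & 0x7F
        raw = buf[off + 2:off + 2 + n]
        if len(raw) != n:
            raise ValueError("truncated length")
        length, start = int.from_bytes(raw, "big"), off + 2 + n
        # DER demands the shortest length encoding; BER does not.
        der_length = length >= 0x80 and raw[0] != 0
    if start + length > len(buf):
        raise ValueError("truncated value")
    return tag, start, start + length, der_length

def tbs_span(cert):
    """(octets, value, der_length) of the first element of the outer SEQUENCE,
    the to-be-signed part that the issuer's signature covers."""
    tag, start, _, _ = read_tlv(cert)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    _, v_start, v_end, der_length = read_tlv(cert, start)
    return cert[start:v_end], cert[v_start:v_end], der_length

def tbs_digest(cert):
    """SHA-256 over the to-be-signed octets exactly as they were received."""
    return hashlib.sha256(tbs_span(cert)[0]).hexdigest()

# Constructed toy values (not real certificates): the same three elements,
# once as supplied and once after a decode/re-encode step that wrote the
# inner length in long form (legal BER, not DER).
AS_STORED = bytes.fromhex("300b" "3003020105" "3000" "030200aa")
REENCODED = bytes.fromhex("300c" "308103020105" "3000" "030200aa")

if __name__ == "__main__":
    for name, cert in (("as stored", AS_STORED), ("re-encoded", REENCODED)):
        octets, value, der = tbs_span(cert)
        print(f"{name:11} value={value.hex()} der_length={der} "
              f"sha256={tbs_digest(cert)[:16]}")
```

Both values decode to the same content, yet their digests differ, so a signature made over one encoding does not verify against the other.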