
Re: LDAP Certificate transfer syntax




"Kurt D. Zeilenga" wrote:

> I think it very important certificate schema not be a 'special
> case'.

Yes I agree with this. I think there really should be no special cases,
and that the core LDAPv3 specs should be able to cater for all
eventualities, such as native encoding exists, native encoding does not
exist, how to handle "any" in both cases etc.


>  I am concerned that adding a 'native' encoding to
> certificate schema will necessitate the need for a 'special case'.
> In particular, in the handling of '*' as the general handling
> is to return the native encoding (no transfer option) if one
> is defined and supported.
> 

The special case will be needed by the enhanced LDAPv3 server that
understands the certificate native encoding, so does not need to provide
;binary in the response, but might do so as to be backwards compatible
with clients that expect ;binary (i.e. do not know the native encoding).
But this special case is not really so special anyway, because

a) it is not mandatory, so the server does not have to keep this backwards
compatibility if it does not want to and
b) this case is no different to a server that knows about a private
attribute "foobar" with a locally defined native encoding, when
returning this to a remote client from another domain. The server does
not have to provide ;binary encoding, but ought to because the remote
client won't know the native encoding. This is why I said that ;binary
can only be ignored for attributes whose native syntax is defined in an
RFC, and is internationally known, but not for locally defined
attributes.

David


> >Seems like ASN.1 DAP had some advantages after all :-)
> 
> DAP, in many ways, is lighter than LDAP.  :-(
> 
> Kurt

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 161 745 8169
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************