[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
;binary Concensus?
Folks
There has been a lot of discussions on the use of ;binary, and clearly
two opposing view points. One camp think its use is unnecessary, the
other think it should be mandatory. I dont know how rough concensus is
measured by the IETF, but in terms of pure numbers more people voiced
support for unnecessary than for mandatory. But I would not say that a
concensus has been reached by any means, but maybe it was a very rough
concensus (maybe the chairs can comment on this). Anyway, I propose to
use the following text in the revised PKIX ID in the next revision.
Although the issue is not closed, I am not persuaded that ;binary should
be mandatory.
3.3 Certificate Syntax
A value in this transfer syntax is the binary octet string that results
from BER and/or DER-encoding of an X.509 public key certificate. The
following string states the OID assigned to this syntax:
( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'A BER and/or DER encoded
public key certificate' )
Servers must preserve values in this syntax exactly as given to them by
the client, when storing and retrieving certificates.
Note. Due to the changes from X.509(1988) to X.509(1993) and subsequent
changes to the ASN.1 definition to support certificate extensions in
X.509(1997), no character string transfer syntax is defined for
certificates. The BNF notation in RFC 1778 [12] for "User Certificate"
MUST NOT be used. Values in this syntax MUST be transferred as BER
and/or DER encoded octets. The use of the ;binary encoding option, i.e.
by requesting or returning the attributes with descriptions
"userCertificate;binary" or "caCertificate;binary" has no effect on the
transfer syntax.
David
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351 Fax +44 161 745 8169
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page: http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500: http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
begin:vcard
n:Chadwick;David
tel;cell:+44 77 96 44 7184
tel;fax:+44 1484 532930
tel;home:+44 1484 352238
tel;work:+44 161 295 5351
x-mozilla-html:FALSE
url:http://www.salford.ac.uk/its024/chadwick.htm
org:University of Salford;IS Institute
version:2.1
email;internet:d.w.chadwick@salford.ac.uk
title:Professor of Information Security
adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England
note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500: http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5
x-mozilla-cpt:;-4856
fn:David Chadwick
end:vcard