Re: ;binary option
"Kurt D. Zeilenga" wrote:
>
> The decision we make in the core technical specification regarding
> ;binary will have a significant impact on further standardization
> of certificate schema and the WG should consider this in making
> its decision regarding the removal of ;binary.
The schema for certificates has been removed from the core LDAPbis
documents and is now being progressed in the PKIX group. As one of the
co-editors of the PKIX draft, our intention is to produce specs that
will be compatible with the new LDAPbis specs, and we will endeavor to
limit the impact as far as possible. We are proposing to say that the
native LDAP encoding for certificates is the same transfer encoding as
produced today by ;binary i.e. DER/BER. Thus the values on the line will
be identical to today, but the attribute description will drop the
;binary option. I am glad to hear that this will not impact BLITS
specifications. It might be a good idea for the OpenGroup to
specifically run an LDAP security interoperability day once the new
specs have been finalised.
David
> The WG should
> consider other uses of ;binary as well.
>
> It should be obvious that the removal of ;binary protocol element
> removes capabilities offered by the core specification. While some
> of these capabilities could be subsequently reintroduced as
> extensions, some capabilities would be lost. In particular, as the
> removal of ;binary would include the deletion of the absolute
> imperative:
> Clients which request that all attributes be returned from
> entries MUST be prepared to receive values in binary [RFC2252].
>
> any extension reintroducing ;binary would have to account for
> clients which might not be prepared to receive values in binary
> when return of all attributes was requested.
>
> Kurt
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351 Fax +44 161 745 8169
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@salford.ac.uk
Home Page: http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500: http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
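
Added illustration, not part of the original message and not code from any LDAP library: a client-side sketch that treats `userCertificate;binary` and `userCertificate` as the same attribute, relying on the point made in the reply that the values on the line stay identical. The helper names, the set of certificate attribute types, the definite-length-only check and the sample bytes are assumptions constructed for this example.

```python
# Hypothetical helpers for illustration; CERT_ATTRS is an assumed set of certificate attribute types.
CERT_ATTRS = {"usercertificate", "cacertificate"}

def parse_description(desc):
    """Split 'type;opt1;opt2' into (lowercased type, frozenset of lowercased options)."""
    attr_type, *options = desc.split(";")
    if not attr_type or any(not o for o in options):
        raise ValueError(f"malformed attribute description: {desc!r}")
    return attr_type.lower(), frozenset(o.lower() for o in options)

def looks_like_der_sequence(value):
    """Sanity check: first octet is the SEQUENCE tag (0x30) and the definite
    length covers the rest of the value exactly. Indefinite-length BER is rejected."""
    if len(value) < 2 or value[0] != 0x30:
        return False
    first = value[1]
    if first < 0x80:                       # short-form length
        return len(value) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(value) < 2 + n:
        return False
    return len(value) == 2 + n + int.from_bytes(value[2:2 + n], "big")

def collect_certificates(entry):
    """entry maps attribute description -> list of bytes values.
    Returns {attr_type: [values]} with ';binary' dropped for certificate attributes."""
    certs = {}
    for desc, values in entry.items():
        attr_type, options = parse_description(desc)
        if attr_type not in CERT_ATTRS or options - {"binary"}:
            continue                       # other attributes and other options are left alone
        bucket = certs.setdefault(attr_type, [])
        for v in values:
            if not looks_like_der_sequence(v):
                raise ValueError(f"{desc}: value is not a definite-length SEQUENCE")
            if v not in bucket:            # same bytes under both descriptions count once
                bucket.append(v)
    return certs

# Constructed sample: a well-formed SEQUENCE wrapper, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
OLD_STYLE = {"userCertificate;binary": [SAMPLE_DER], "cn": [b"Example User"]}
NEW_STYLE = {"userCertificate": [SAMPLE_DER], "cn": [b"Example User"]}

if __name__ == "__main__":
    print(collect_certificates(OLD_STYLE) == collect_certificates(NEW_STYLE))
```
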