
Re: Fw: Reserved characters for a LDAP URI



Dear Michael,

Thanks for your comment. Yes, as I said in my last email, I believe
that the following encodings for the DN component in an LDAP URI
will all be equivalent.

1. ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C,%20Ltd.,c=TW
2. ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.,c=TW
3. ou=PKI%20IWG%2Co=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc=TW
4. ou%3DPKI%20IWG%2Co%3DChunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc%3DTW
5. %6F%75%3D%50%4B%49%20%49%57%47%2C%6F%3D%43%68%75%6E%67%68%77%61%20%54%65%6C%65%63%6F%6D%20%43%6F%2E%5C%2C%20%4C%74%64%2E%2C%63%3D%54%57

They are equivalent because RFC 1738 Section 2.2 says that:

   On the other hand, characters that are not required to be encoded
   (including alphanumerics) may be encoded within the scheme-specific
   part of a URL, as long as they are not being used for a reserved
   purpose.

However, it seems that RFC 2369 now deprecates encoding characters
that are not required to be encoded. In RFC 2369 Section 2.3, it says that:

   Unreserved characters can be escaped without changing the semantics
   of the URI, but this should not be done unless the URI is being used
   in a context that does not allow the unescaped character to appear.

So, I believe that the first is the preferred encoding.

Wen-Cheng Wang
Telecommunication Labs,
Chunghwa Telecom Co., Ltd.

----- Original Message -----
From: "Michael Ströder" <michael@stroeder.com>
To: "Wen-Cheng Wang" <wcwang@cht.com.tw>
Cc: <ietf-ldapbis@OpenLDAP.org>; <ietf-pkix@imc.org>
Sent: Monday, December 23, 2002 6:48 PM
Subject: Re: Fw: Reserved characters for a LDAP URI


> Wen-Cheng Wang wrote:
> >
> > Taiwan side believes that the DN component in a LDAP URI should
> > be:
> >
> > ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C,%20Ltd.,c=TW
> >
> > However, Japan side insists that it should be:
> >
> > ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.,c=TW
>
> There is one more possibility. ;-)
>
> ou%3DPKI%20IWG%2Co%3DChunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc%3DTW
>
> I think in case of LDAP URLs all these variants are equivalent.
>
> From RFC2255:
>
>     Note that any URL-illegal characters (e.g., spaces), URL special
>     characters (as defined in section 2.2 of RFC 1738) and the reserved
>     character '?' (ASCII 63) occurring inside a dn, filter, or other
>     element of an LDAP URL MUST be escaped using the % method described
>     in RFC 1738 [5]. If a comma character ',' occurs inside an extension
>     value, the character MUST also be escaped using the % method.
>
> As I understand this the ',' MUST be escaped in extensions but MAY be
> escaped in dn, filter, etc. as well.
>
> Ciao, Michael.
>
>
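
Added example, not part of the original messages: a Python check that the five encodings listed in the thread decode to the same DN, and that percent-decoding has to happen before the DN is split on commas. The function names are hypothetical, and the RDN splitter is a simplification that only honours backslash escapes (no quoted strings, no multi-valued RDNs).

```python
from urllib.parse import unquote

# The five DN encodings listed in the message above, copied from the thread.
VARIANTS = [
    "ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C,%20Ltd.,c=TW",
    "ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.,c=TW",
    "ou=PKI%20IWG%2Co=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc=TW",
    "ou%3DPKI%20IWG%2Co%3DChunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc%3DTW",
    "%6F%75%3D%50%4B%49%20%49%57%47%2C%6F%3D%43%68%75%6E%67%68%77%61%20%54%65%6C%65%63%6F%6D%20%43%6F%2E%5C%2C%20%4C%74%64%2E%2C%63%3D%54%57",
]


def split_rdns(dn):
    """Split a string-form DN on commas that are not backslash-escaped."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns


def decode_dn(encoded):
    """Percent-decode the DN part of an LDAP URL, then split it into RDNs."""
    return split_rdns(unquote(encoded))


def all_equivalent(variants):
    """True if every variant yields the same RDN list after decoding."""
    decoded = [decode_dn(v) for v in variants]
    return all(d == decoded[0] for d in decoded)


if __name__ == "__main__":
    print(decode_dn(VARIANTS[0]))
    print("equivalent after decoding:", all_equivalent(VARIANTS))
    # Splitting before decoding misreads "%5C," as an unescaped separator.
    print("split before decoding:", split_rdns(VARIANTS[0]))
```

Code that matches LDAP URLs by raw string comparison would treat these five as different values, so comparison belongs after decoding.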