I recommend the default pretty form be the strict RFC 2253 (bis) with minimal escaping. That is, only characters which require escaping are escaped. If clients desire further escaping before presenting the DN to the user, that's there responsibility. Comments?