[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: order of name attributes in certificates, suggestion for 3280 bis

To: Michael Ströder <michael@xxxxxxxxxxxx>
Subject: Re: order of name attributes in certificates, suggestion for 3280 bis
From: "David A. Cooper" <david.cooper@xxxxxxxx>
Date: Wed, 26 Apr 2006 14:57:16 -0400
Cc: ietf-pkix@xxxxxxx
In-reply-to: <444DE9B8.60407@xxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <OF54A40658.D9253BB9-ON8525714C.00445AD0-8525714E.0011784B@xxxxxxxxxx> <444DE9B8.60407@xxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920


Michael Ströder wrote:

Especially RFC3280bis should have a normative reference to the DN string
representation used for the example DNs in appendix C which defines:
- order
- character set
- defined RDN separator
- multi-valued RDNs

I do not believe that 3280bis should include a normative reference toRFC 2253, although I don't see any problem including an informativereference. The IETF describes normative references as follows:

Normative references specify documents that must be read tounderstand orimplement the technology in the new RFC, or whose technology must bepresent

   for the technology in the new RFC to work.

The only places that I can find string representations of DNs in 3280bisare in the examples of LDAP URIs and in Appendix C. The rules for LDAPURIs, including the rules for distinguishedName portion of the URI, arespecified in RFC 2255, which is already listed as a normativereference. The string representation of DNs in Appendix C are simplyused to describe sample certificates, and I see no reason that theinclusion of these examples would result in the need to list RFC 2253 asa normative reference.

Semicolons as RDN separators like used in appendix C are today not
widely known to implementors and disallowed in LDAPv3 (see RFC 2253).

I can't find any place in 3280bis were semicolons are used as RDNseparators. If there are any string representations of DNs in 3280bisthat do not conform to RFC 2253, please specify where they are and Iwill correct them.

I'd think this needs clarification. Also character set of string
representation should be clearly specified (UTF-8 in RFC 2253).

I will add a note in Appendix C indicating that all stringrepresentations of DNs are encoded in accordance with RFC 2253.

=> use a normative reference to RFC 2253 (or its upcoming successor
draft-ietf-ldapbis-dn) and correct examples in appendix C accordingly.

I will add an informative reference. If any of the examples areincorrect, please specify where they are since do not see any.


Dave

Follow-Ups:
- Re: order of name attributes in certificates, suggestion for 3280 bis
  - From: Michael Ströder

References:
- Re: order of name attributes in certificates, suggestion for 3280 bis
  - From: Tom Gindin
- Re: order of name attributes in certificates, suggestion for 3280 bis
  - From: Michael Ströder

Prev by Date: Re: Putting a certificate on hold with CMP (and removing it)
Next by Date: Re: order of name attributes in certificates, suggestion for 3280 bis
Previous by thread: Re: order of name attributes in certificates, suggestion for 3280 bis
Next by thread: Re: order of name attributes in certificates, suggestion for 3280 bis
Index(es):
- Date
- Thread