
Re: Encoding of "dc" in DNs



At 18:05 13.04.00 +0200, Volker Hammer wrote:
>Hi,
>
>we use the "dc"-Attribute (domain component) to build distinguished names
>in multinational enterprises.
>
>We need to decide how the "dc"-attribute should be encoded in
>implementations of the subject distinguished name and issuer dn within
>certificates as well as for X.500 directory information tree distinguished
>names. RFC2247 (X.500 OID DomainComponent) tells "IA5 string". Some CA
>products use "printableString", which is in accordance with recommendation
>of "DirectoryString" in X.500 ff. But the latter is only a recommendation
>and not enforced, so IA5 string seems to be correct.
>

DC is defined as type "IA5String" in RFC2247.

"DirectoryString" is a type of its own which is used in components of DNs. But
not all DN-Components need to be of type DirectoryString. domainComponent
is *not* of type DirectoryString, but of type IA5String, so it is
definitely an error to encode a DC as a PrintableString.

>* Will interop problems in clients arise when using "the other" encoding
>(client expects IA5 but finds
>printableString and vice versa)

That depends, of course...

Regards,
   Juergen Brauckmann
-- 
Juergen Brauckmann             Tel.:  040 / 8080 26 311
TC TrustCenter GmbH            Fax.:  040 / 8080 26 126
Sonninstraße 24-28   	    mailto:brauckmann@trustcenter.de
20097 Hamburg 		    http://www.trustcenter.de
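
The following is an added example, not part of the original message: a small DER walker that reports which ASN.1 string type each domainComponent value in a Name carries, so a dc encoded as PrintableString instead of IA5String can be flagged. The function names and the sample Name are constructed for illustration; multi-byte tags are not handled.

```python
# Added example: hypothetical helper names, constructed sample data.
DC_OID = bytes.fromhex("0992268993f22c640119")  # 0.9.2342.19200300.100.1.25
TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Yield (tag, value) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def check_dc_encoding(name_der):
    """Return (value, type_name, is_ia5) for every dc attribute in the Name."""
    tag, body, end = read_tlv(name_der, 0)
    if tag != 0x30 or end != len(name_der):
        raise ValueError("not a single Name SEQUENCE")
    found = []
    for _, rdn in children(body):            # RelativeDistinguishedName (SET)
        for _, atv in children(rdn):         # AttributeTypeAndValue (SEQUENCE)
            (_, oid), (vtag, val) = list(children(atv))
            if oid == DC_OID:
                found.append((val.decode("latin-1"), TAGS.get(vtag, hex(vtag)), vtag == 0x16))
    return found

def tlv(tag, value):  # short-form length only, enough for the sample below
    return bytes([tag, len(value)]) + value

def build_name(pairs):
    """Constructed test input: one dc RDN per (text, string_tag) pair."""
    return tlv(0x30, b"".join(tlv(0x31, tlv(0x30, tlv(0x06, DC_OID) + tlv(t, s.encode())))
                              for s, t in pairs))

SAMPLE = build_name([("com", 0x16), ("example", 0x13)])  # second dc is mis-tagged
```

Calling `check_dc_encoding(SAMPLE)` returns one tuple per dc value; the third field is False for any value not tagged as IA5String.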