[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP ISSUE

To: <ietf-pkix@xxxxxxx>
Subject: Re: LDAP ISSUE
From: Steve Hanna <Steve.Hanna@xxxxxxx>
Date: Fri, 19 Jul 2002 01:21:32 +0-900
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Reply-to: <steve.hanna@xxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Actually, there is a good reason for the position of the LDAP
group on this issue.

The reason that new keywords for attribute types in X.500 DNs
cannot be sent on the wire in LDAP protocol messages is that
old LDAP servers won't know what the new keywords mean. For
user input and output, new keywords can be added. But you
can't expect existing LDAP servers to automagically understand
what a new keyword means when they see it on the wire. OIDs
are the best way to handle this.

Also, this is not a new position. RFC 1779 (for LDAPv2)
allowed new keywords and defined an IANA registry. But no
new keywords were ever defined. I suspect that people
realized the problems that would ensue. RFC 2253 (for LDAPv3)
does not allow new keywords. And the revised version of 2253
(draft-ietf-ldapbis-dn-07.txt) also does not.

Steve

Follow-Ups:
- Re: LDAP ISSUE
  - From: David Chadwick
- Re: LDAP ISSUE
  - From: David P. Kemp

Prev by Date: RE: LDAP ISSUE
Next by Date: Re: LDAP ISSUE
Previous by thread: Re: LDAP ISSUE
Next by thread: Re: LDAP ISSUE
Index(es):
- Date
- Thread