[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP ISSUE

To: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>
Subject: Re: LDAP ISSUE
From: David Chadwick <d.w.chadwick@xxxxxxxxxxxxx>
Date: Fri, 19 Jul 2002 01:39:13 +0100
Cc: steve.hanna@xxxxxxxxxxxx, ietf-pkix@xxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Organization: University of Salford
References: <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Dave

Once the keywords are reggistered with IANA, the client wont need to do
the mapping. It can send the keywords in the protocol. It has to do the
mapping now for some of the keywords, and not for others, since only
some of the mappings are known to the server. This is an odd situation
to be in, and burdens the client. Once the keywords are registered, the
clients wont need to know about or use any of the OIDs.

David

"David P. Kemp" wrote:
> 
> Steve,
> 
> That sounds like a presentation issue, and perhaps that's what
> you meant to imply by emphasizing "on the wire".
> 
> Would it not be reasonable for new DN attribute keywords to
> be registered with IANA, and permit newly developed clients
> to translate between keywords (for human consumption)
> and OIDs (on the wire)?
> 
> Dave
> 
> Steve Hanna wrote:
> >
> > Actually, there is a good reason for the position of the LDAP
> > group on this issue.
> >
> > The reason that new keywords for attribute types in X.500 DNs
> > cannot be sent on the wire in LDAP protocol messages is that
> > old LDAP servers won't know what the new keywords mean. For
> > user input and output, new keywords can be added. But you
> > can't expect existing LDAP servers to automagically understand
> > what a new keyword means when they see it on the wire. OIDs
> > are the best way to handle this.
> >
> > Also, this is not a new position. RFC 1779 (for LDAPv2)
> > allowed new keywords and defined an IANA registry. But no
> > new keywords were ever defined. I suspect that people
> > realized the problems that would ensue. RFC 2253 (for LDAPv3)
> > does not allow new keywords. And the revised version of 2253
> > (draft-ietf-ldapbis-dn-07.txt) also does not.
> >
> > Steve

-- 
*****************************************************************

David W. Chadwick, BSc PhD
Professor of Information Systems Security
IS Institute, University of Salford, Salford M5 4WT
Tel: +44 161 295 5351  Fax +44 01484 532930
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxxxxx
Home Page:  http://www.salford.ac.uk/its024/chadwick.htm
Research Projects: http://sec.isi.salford.ac.uk
Understanding X.500:  http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

begin:vcard 
n:Chadwick;David
tel;cell:+44 77 96 44 7184
tel;fax:+44 1484 532930
tel;home:+44 1484 352238
tel;work:+44 161 295 5351
x-mozilla-html:FALSE
url:http://www.salford.ac.uk/its024/chadwick.htm
org:University of Salford;IS Institute
version:2.1
email;internet:d.w.chadwick@xxxxxxxxxxxxx
title:Professor of Information Security
adr;quoted-printable:;;The Crescent=0D=0A;Salford;Greater Manchester;M5 4WT;England
note;quoted-printable:Research Projects: http://sec.isi.salford.ac.uk.......................=0D=0A=0D=0AUnderstanding X.500:  http://www.salford.ac.uk/its024/X500.htm .......................=0D=0A=0D=0AX.500/LDAP Seminars: http://www.salford.ac.uk/its024/seminars.htm...................=0D=0A=0D=0AEntrust key validation string: CJ94-LKWD-BSXB ...........=0D=0A=0D=0APGP Key ID is 0xBC238DE5
x-mozilla-cpt:;-4856
fn:David Chadwick
end:vcard

References:
- Re: LDAP ISSUE
  - From: Steve Hanna
- Re: LDAP ISSUE
  - From: David P. Kemp

Prev by Date: Re: LDAP ISSUE
Next by Date: Re: LDAP ISSUE
Previous by thread: Re: LDAP ISSUE
Next by thread: Re: LDAP ISSUE
Index(es):
- Date
- Thread