Re: Clarifying the DN text

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Tue, 05 Jun 2007 12:02:40 -0400
To: Ed Simon <edsimon@xmlsec.com>
Cc: public-xmlsec-maintwg@w3.org
Message-id: <46658920.8050600@sun.com>

Ed Simon wrote:
> As follow up to the teleconference, let me state that my proposed text
> [1] to the DN section is to clarify and simplify both the original text
> and the current proposed revision. That said, because I do not find the
> original text clear myself, my "clarification" is based on my best guess
> (out of various guesses) of what was originally meant. If others have
> different interpretations, then my "clarification" is not going to read
> right to them -- and that's OK; that indeed was the point of my
> clarification exercise -- to try and agree what was originally meant
> and/or what our different interpretations are and/or how it should be
> written.

I can live with it if we can't fix the existing text. But I wouldn't be
happy changing our implementation to follow these encoding rules, simply
because I believe the first rule makes the resulting DN non 2253
compliant. I would really like to find out why in particular the first
rule was imposed:

Escape any trailing white space by replacing "\ " with "\20"

I'm less concerned with the 2nd rule, since the use cases would be very
rare and the DN is still 2253 compliant.

> Re "how it should be written", I suggest the best way, given the
> apparent lack of uniform reading, is to find out what implementations have
> done, review RFCs 4514 and 2253, and come up with a common plan as to
> how the text should have been written based on those influences. Then we
> go from there. Essentially, I think I'm agreeing with Phill's and Sean's
> comments here.

I agree it makes sense to find out what current implementations do.
However, my overall feeling is that we shouldn't be trying to define a
canonical String form for DNs and that something like that is best left
up to the IETF PKIX or LDAP working groups. We should only be concerned
with potential problems due to encoding the DNs in XML. I would be ok
with including a warning similar to that of section 7.2 of RFC 2253:

Received on Tuesday, 5 June 2007 16:02:47 UTC
