
Re: E01: dname encoding rules proposal (ACTION-51)

From: Juan Carlos Cruellas <cruellas@ac.upc.edu>
Date: Wed, 13 Jun 2007 18:14:28 +0200
Message-ID: <467017E4.6090607@ac.upc.edu>
To: Sean Mullan <Sean.Mullan@Sun.COM>
CC: public-xmlsec-maintwg@w3.org

Sean Mullan wrote:
> I'm not sure his examples are correct according to the rules. Shouldn't
> the first be:
> "CN=\  Wolfgang \20+CN=\  Amadeus \20"
> instead of
> "CN=\  Wolfgang \ +CN=\  Amadeus \20"
> because there is a trailing space at the end of the Wolfgang AVA String?!
I tend to agree with Sean.
Maybe it was assumed that the whole string should be taken as only one 
entity. But it seems to me that this is a multi-valued 
RelativeDistinguishedName, which "outputs from adjoining 
AttributeTypeAndValues are separated by a plus character" (sect 2.2 of 
RFC 2253).
Sect 2.3 emphasizes that AttributeTypeAndValue comes from concatenating 
strings resulting from encoding Attribute Type, "=" character and string 
resulting from encoding the value....
Section 2.4 mandates escaping certain characters in the string that 
encodes each value.
Finally XMLSig says "Also strings in DNames (..) should be encoded as 
follows"... the plural in "strings" seems to me as indicating that each 
individual string encoding a particular value of an attribute should 
escape its own leading and trailing chars no matter if it is within a 
multi-value or not. In summary, I would also tend to think that a "\20" 
should appear at the end of the first value of the multi-valued RDN in 
the example that Sean mentions.

Juan Carlos.
Received on Wednesday, 13 June 2007 16:14:43 UTC
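
The two readings discussed in this message, as an added example that is not part of the original post: a Python sketch that escapes each attribute value of a multi-valued RDN on its own, next to one that treats the joined string as a single entity. The attribute values (two leading and two trailing spaces each) and all function names are assumptions made for illustration; control-character escaping is left out.

```python
# Added illustration, not code from the thread or from any specification.
# Covers only the RFC 2253 sect 2.4 special characters plus leading and
# trailing spaces; the sample values below are constructed.

SPECIALS = set(',+"\\<>;')  # characters RFC 2253 sect 2.4 requires escaping


def escape_value(value, trailing_space=r"\20"):
    """Escape one attribute value, independent of its neighbours in the RDN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if i == last and ch == " ":
            out.append(trailing_space)        # final trailing space
        elif ch in SPECIALS or (i == 0 and ch in " #"):
            out.append("\\" + ch)             # specials, leading space or '#'
        else:
            out.append(ch)
    return "".join(out)


def encode_rdn_per_value(avas):
    """Reading argued for in the thread: every value escapes its own
    trailing space as \\20, then the AVAs are joined with '+' (sect 2.2)."""
    return "+".join(t + "=" + escape_value(v) for t, v in avas)


def encode_rdn_whole_string(avas):
    """Reading being questioned: RFC 2253 escaping per value ("\\ "), with
    \\20 applied only to a trailing space at the end of the whole string."""
    s = "+".join(t + "=" + escape_value(v, "\\ ") for t, v in avas)
    return s[:-2] + r"\20" if s.endswith("\\ ") else s


# Constructed sample: a multi-valued RDN with padded CN values.
SAMPLE_RDN = [("CN", "  Wolfgang  "), ("CN", "  Amadeus  ")]

if __name__ == "__main__":
    print(encode_rdn_per_value(SAMPLE_RDN))
    print(encode_rdn_whole_string(SAMPLE_RDN))
```

The first function yields the string Sean proposes and the second yields the string he questions, so the two outputs differ only in how the trailing space of the first value is written.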