- From: Ed Simon <edsimon@xmlsec.com>
- Date: Mon, 30 Jul 2007 12:08:13 -0400
- To: <public-xmlsec-maintwg@w3.org>
- Message-ID: <000001c7d2c3$db2eedd0$6800a8c0@XMLSEC004>
With regard to Action-69 ("Ed Simon to Draft warning similar to that of section 7.2 of RFC 2253"), I propose the following text (based on RFC 4514 rather than RFC 2253):

>>>
The XML Signature specification describes distinguished name encoding rules designed to comply with RFC 4514 and be robust within XML processing. When a distinguished name is used to identify a key, and not just to provide a human-readable string, as in Section 4 of the XML Signature specification which describes the <X509Data> element, it is important that applications incorporate the directions given in Section 5.2 of RFC 4514.

Section 5.2 of RFC 4514 warns that when reversibility of the distinguished name string representation back to its initial BER or DER form is required (as would commonly be the case in XML Signature validation), then attribute values which are not of type PrintableString "SHOULD use the hexadecimal form prefixed by the number sign ('#' U+0023) as described in the first paragraph of Section 2.4 (of RFC 4514)".
<<<

Comments?

Ed

_____________________________
Ed Simon <edsimon@xmlsec.com>
Principal, XMLsec Inc.
(613) 726-9645

Interested in XML, Web Services, or Security? Visit "http://www.xmlsec.com".

New! "Privacy Protection for E-Services" published by Idea Group (ISBN: 1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover). Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML, XACML, and SAML". See the Table of Contents here: "http://tinyurl.com/rukr4".
Received on Monday, 30 July 2007 16:11:42 UTC
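
The reversibility concern in the proposed text, shown as an added example that is not part of the message above or of the XML Signature specification: a UTF8String and a PrintableString carrying the same characters produce the same plain string form, while the '#' hexadecimal form keeps the ASN.1 tag so the DER bytes can be rebuilt. The helper names are hypothetical, the sample value is constructed, and only short-form DER lengths are handled.

```python
# Added illustration: helper names are hypothetical, sample values are constructed.
PRINTABLE_STRING = 0x13  # ASN.1 universal tag for PrintableString
UTF8_STRING = 0x0C       # ASN.1 universal tag for UTF8String
SPECIALS = '"+,;<>\\'    # characters RFC 4514 Section 2.4 requires escaping

def der_encode(tag: int, content: bytes) -> bytes:
    """DER tag-length-value for content shorter than 128 bytes."""
    if len(content) >= 0x80:
        raise ValueError("long-form lengths are outside this sketch")
    return bytes([tag, len(content)]) + content

def escape_string_form(text: str) -> str:
    """Escape a value for the plain string form (RFC 4514 Section 2.4)."""
    out = []
    last = len(text) - 1
    for i, ch in enumerate(text):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def attribute_value(tag: int, content: bytes, reversible: bool = True) -> str:
    """String form of one attribute value.

    With reversible=True, values that are not PrintableString are written as
    '#' followed by the hex of their DER encoding, as Section 5.2 advises.
    """
    if reversible and tag != PRINTABLE_STRING:
        return "#" + der_encode(tag, content).hex().upper()
    return escape_string_form(content.decode("utf-8"))

def decode_hex_form(value: str) -> bytes:
    """Recover the original DER bytes from a '#'-prefixed value."""
    if not value.startswith("#"):
        raise ValueError("value is not in hexadecimal form")
    return bytes.fromhex(value[1:])

if __name__ == "__main__":
    name = b"Example CA"  # constructed sample value
    # Plain string form: the two ASN.1 types become indistinguishable.
    print(attribute_value(UTF8_STRING, name, reversible=False))
    print(attribute_value(PRINTABLE_STRING, name, reversible=False))
    # Hex form keeps the type tag, so the DER bytes can be rebuilt exactly.
    hexed = attribute_value(UTF8_STRING, name)
    print("CN=" + hexed, decode_hex_form(hexed) == der_encode(UTF8_STRING, name))
```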