Action-69: "Ed Simon to Draft warning similar to that of section 7.2 of RFC 2253"

With regard to Action-69 ("Ed Simon to Draft warning similar to that of
section 7.2 of RFC 2253"), I propose the following text (based on RFC 4514
rather than RFC 2253):
 
>>>
The XML Signature specification describes distinguished name encoding rules
designed to comply with RFC 4514 and be robust within XML processing. When a
distinguished name is used to identify a key, and not just to provide a
human-readable string, as in Section 4 of the XML Signature specification
which describes the <X509Data> element, it is important that applications
incorporate the directions given in Section 5.2 of RFC 4514.
 
Section 5.2 of RFC 4514 warns that when reversibility of the distinguished
name string representation back to its initial BER or DER form is required
(as would commonly be the case in XML Signature validation), then attribute
values which are not of type PrintableString "SHOULD use the hexadecimal
form prefixed by the number sign ('#' U+0023) as described in the first
paragraph of Section 2.4 (of RFC 4514)".
<<<
 
Comments?
 
Ed
 
_____________________________
Ed Simon <edsimon@xmlsec.com>
Principal, XMLsec Inc. 
(613) 726-9645 


Received on Monday, 30 July 2007 16:11:42 UTC
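
The point of Section 5.2 of RFC 4514 quoted in the proposed text, as an added example that is not part of the original message: two attribute values with different ASN.1 string types produce the same string form, so only the '#' hexadecimal form lets a validator recover the original DER. The function names are hypothetical, and the sketch assumes short values (under 128 bytes) and handles only the PrintableString and UTF8String tags.

```python
PRINTABLE_STRING = 0x13  # ASN.1 universal tag numbers
UTF8_STRING = 0x0C


def der_encode(tag: int, value: str) -> bytes:
    """DER tag-length-value for a short string (assumption: < 128 bytes)."""
    body = value.encode("utf-8")
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this sketch")
    return bytes([tag, len(body)]) + body


def escape_4514(value: str) -> str:
    """String-form escaping from RFC 4514 Section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def rdn_string(attr: str, tag: int, value: str, reversible: bool) -> str:
    """Render one attribute; with reversible=True, apply Section 5.2."""
    if reversible and tag != PRINTABLE_STRING:
        # '#' followed by the hex of the BER/DER encoding of the value
        return f"{attr}=#{der_encode(tag, value).hex()}"
    return f"{attr}={escape_4514(value)}"


def decode_hex_form(rdn: str):
    """Recover (attribute, tag, value) from the '#' hexadecimal form."""
    attr, _, hexval = rdn.partition("=#")
    raw = bytes.fromhex(hexval)
    tag, length = raw[0], raw[1]
    return attr, tag, raw[2:2 + length].decode("utf-8")


if __name__ == "__main__":
    # Constructed sample: the same text carried as two different string types.
    for tag in (PRINTABLE_STRING, UTF8_STRING):
        print(hex(tag), rdn_string("O", tag, "Acme", False),
              rdn_string("O", tag, "Acme", True))
```
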