Re: Additional issue on RFC 2253 usage in relation with XMLSig: On the capability of the RFC2253 "CN=Sam"encoding form for identifying a Certificate. from Konrad Lanz on 2007-06-18 (public-xmlsec-maintwg@w3.org from June 2007)

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Mon, 18 Jun 2007 22:18:38 +0200
To: public-xmlsec-maintwg@w3.org
Message-ID: <4676E89E.1010101@iaik.tugraz.at>

Dear all,

I do not think that XMLDSig is the right place to perform DNAME 
constraining, canonicalization or comparison.
Usually RFC 2253/4514 implementations will parse two string 
representations and rather use means as specified in RFC 4517 section 4 
to compare two values.

However I would agree giving input to the IETF as these specifications 
are located in their premises. Such input could essentially ask for a 
canonical string representation for DNAMEs.

That would be really nice and such a DNAME comparison could then be 
reduced to a simple string comparison. ;-)

Konrad

Juan Carlos Cruellas wrote:
>
> Dear all,
>
> I understood in our last conference call that Frederick suggested to 
> summarize the issues related to the RFC 2253 stuff within XMLSig.
>
> In addition to the RFC 2253 encoding stuff that we have been 
> discussing in a separated thread, and which has been summarized by 
> Thomas, who has raised a proposal last week, I would like to remind an 
> issue that I raised in
> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0021.html 
>
>
> and that was commented by Ed in
> http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0024.html 
>
>
> This issue deals with the fact that both RFC 2253 and RFC 4514 make it 
> clear that the String representation using short names and string 
> values for for representing DNs may put problems when trying to 
> identifying without ambiguity the corresponding certificate...
>
> Could we deal with this, once we have agreed on the encoding issue?
>
> Regards
>
> Juan Carlos.
>


-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm

Received on Monday, 18 June 2007 20:18:52 UTC