- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Tue, 19 Jun 2007 17:15:19 -0400
- To: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Cc: public-xmlsec-maintwg@w3.org

Konrad Lanz wrote:
> Dear all,
>
> I do not think that XMLDSig is the right place to perform DNAME
> constraining, canonicalization or comparison.
> Usually RFC 2253/4514 implementations will parse two string
> representations and rather use means as specified in RFC 4517 section 4
> to compare two values.
>
> However I would agree giving input to the IETF as these specifications
> are located in their premises. Such input could essentially ask for a
> canonical string representation for DNAMEs.
>
> That would be really nice and such a DNAME comparison could then be
> reduced to a simple string comparison. ;-)

FYI, we have defined one for Java:

http://java.sun.com/javase/6/docs/api/javax/security/auth/x500/X500Principal.html#getName(java.lang.String)

See the paragraph that starts with "If "CANONICAL" is specified as the format ..."

--Sean

Received on Tuesday, 19 June 2007 21:16:05 UTC
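
The comparison discussed in this message, reduced to a string comparison on the Java canonical form, as an added example that is not part of the original e-mail or of any project's code. The class name, the `sameDName` helper and the sample DNs are constructed for illustration; only `X500Principal`, its `CANONICAL` format constant and `getName(String)` are real API.

```java
import javax.security.auth.x500.X500Principal;

public class DNameCompare {

    // Hypothetical helper: true only when both strings parse as DNs and
    // their CANONICAL string forms are identical.
    static boolean sameDName(String a, String b) {
        try {
            String ca = new X500Principal(a).getName(X500Principal.CANONICAL);
            String cb = new X500Principal(b).getName(X500Principal.CANONICAL);
            return ca.equals(cb);
        } catch (IllegalArgumentException | NullPointerException e) {
            // A malformed or missing DN never matches anything (fail closed).
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, e.g. an issuer name carried in a
        // signature versus the one taken from the certificate itself.
        String fromSignature = "CN=Example CA, O=Example  Org, C=AT";
        String fromCert      = "cn=example ca,o=example org,c=at";
        // Same attributes, RDNs listed in a different order.
        String reordered     = "C=AT, O=Example Org, CN=Example CA";
        // Not a DN at all.
        String malformed     = "this is not a distinguished name";

        System.out.println("raw string equality:    "
                + fromSignature.equals(fromCert));
        System.out.println("canonical form (sig):   "
                + new X500Principal(fromSignature).getName(X500Principal.CANONICAL));
        System.out.println("canonical form (cert):  "
                + new X500Principal(fromCert).getName(X500Principal.CANONICAL));
        System.out.println("canonical equality:     "
                + sameDName(fromSignature, fromCert));
        System.out.println("reordered RDNs equal:   "
                + sameDName(fromSignature, reordered));
        System.out.println("malformed input equal:  "
                + sameDName(fromSignature, malformed));
    }
}
```

The canonical form normalizes case and whitespace inside attribute values but keeps RDN order, so the reordered name is a useful check that the comparison is not looser than intended.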