- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Wed, 12 Sep 2007 16:19:15 -0400
- To: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>, Juan Carlos Cruellas <cruellas@ac.upc.edu>
- Cc: XMLSec <public-xmlsec-maintwg@w3.org>
I found 2 more potential incompatibilities with respect to RFC 2253 and
RFC 4514 so I would like to add test cases for them. RFC 4514 does not
require escaping of equals sign ('=' U+003D) and non-leading number sign
('#' U+0023) characters in attribute values.
Also, I would like to change how the test cases are specified in section
3.5.1 and 3.5.2 [1]. In particular:
The input to each test case will be an XML Signature containing a
KeyInfo element, containing an X509Data element, containing an
X509SubjectName (or X509IssuerSerial) element with a DistinguishedName
in RFC 4514 format (specified according to the test input details section).
Implementations will be required to parse the distinguished name and
find a corresponding certificate (with the same SubjectDN (or
Issuer/Serial)). This certificate will contain the public key needed to
verify the signature. I will supply the certificates in the test
directory (or a sub-directory).
These changes confirm that implementations can properly parse and use
RFC 4514 DNs which is what I think we should be testing. There is no
need to test RFC 2253 DNs.
Please let me know within the next day if you have any objections to
these changes. (Time is of the essence :).
Thanks,
Sean
[1]
http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#TestCases-DistinguishedName
Received on Wednesday, 12 September 2007 20:23:42 UTC