Re: X509SubjectName and binary values

Hi Christian,

>If a Unicode, non-ASCII character occurs in a X509SubjectName, do we have 
>to encode it according to RFC2253 as \5473 sequence or is it a &x5473; XML 
>character? (In the spec was stated: "Consider the string as consisting of 
>unicode characters." (Maybe 5473 was a bad example, don't know whether it 
>is unicode, just to show a value)

We leave it as a Unicode character. When the XML document is
serialized, it will be encoded as per the chosen character

>If a binary value like
>occurs in the SubjectName, do I have to escape it like
>which is _not_ RFC2253 compliant?


I would summarize our encoding (assuming the changes recently
discussed on the list) as:

Translation from RFC 2253 -> XMLDSIG:

. UTF-8 decode the string.
. Encode characters < ' ' as "\XY".
. Replace any trailing "\ " in the full dname with "\20".

Translation from XMLDSIG -> RFC 2253:

. Replace any trailing "\20" with "\ ".
. Replace any "\XY" with the corresponding character.
. UTF-8 encode the string.

Broadly, this is RFC 2253 without the UTF-8 encoding step,
with all characters < ' ' encoded as "\XY" and any trailing
"\ " in the full dname replaced with "\20".

To be honest, I would be cautious about the text that we have
in XMLDSIG; it duplicates material from RFC 2253 and may lose
clarity in so doing.

I've checked none of the above, so may be way off the mark.



Received on Thursday, 13 September 2001 06:15:40 UTC
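
The two translations summarized in the message above, written out as an added Python example (it is not part of the original message or of the XMLDSIG specification). The function names and the sample DN are constructed for illustration. Two assumptions go beyond the message: the reverse step only expands hex pairs below 0x20, so that an escape such as "\2C" stays escaped, and a backslash that is itself escaped does not start a new escape.

```python
import re

# One token = a backslash escape (hex pair or single char) or a bare control char.
_TOKEN = re.compile(r"\\([0-9A-Fa-f]{2}|.)|([\x00-\x1f])", re.DOTALL)

def _escaped_at(s: str, i: int) -> bool:
    """True if an odd run of backslashes ends just before index i."""
    n = 0
    while i - n > 0 and s[i - n - 1] == "\\":
        n += 1
    return n % 2 == 1

def rfc2253_to_xmldsig(dn: bytes) -> str:
    s = dn.decode("utf-8")                                # 1. UTF-8 decode
    def enc(m):
        ch = m.group(2) or m.group(1)
        if len(ch) == 1 and ch < " ":                     # 2. chars < ' ' -> \XY
            return "\\%02X" % ord(ch)
        return m.group(0)                                 # other escapes untouched
    s = _TOKEN.sub(enc, s)
    if s.endswith("\\ ") and _escaped_at(s, len(s) - 1):  # 3. trailing "\ " -> "\20"
        s = s[:-1] + "20"
    return s

def xmldsig_to_rfc2253(s: str) -> bytes:
    if s.endswith("\\20") and _escaped_at(s, len(s) - 2): # 1. trailing "\20" -> "\ "
        s = s[:-2] + " "
    def dec(m):
        hx = m.group(1)
        # Assumption: only pairs below 0x20 are reversed, so "\2C" stays escaped.
        if hx and len(hx) == 2 and int(hx, 16) < 0x20:     # 2. "\XY" -> character
            return chr(int(hx, 16))
        return m.group(0)
    return _TOKEN.sub(dec, s).encode("utf-8")              # 3. UTF-8 encode

# Constructed sample: non-ASCII letter, a tab, an escaped comma, a trailing "\ ".
SAMPLE = "CN=J\u00fcrgen\tTest,O=Acme\\, Inc\\ ".encode("utf-8")

if __name__ == "__main__":
    x = rfc2253_to_xmldsig(SAMPLE)
    print(x)
    print(xmldsig_to_rfc2253(x) == SAMPLE)
```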