Re: X509SubjectName and binary values from merlin on 2001-09-13 (w3c-ietf-xmldsig@w3.org from July to September 2001)

From: merlin <merlin@baltimore.ie>
Date: Thu, 13 Sep 2001 11:14:54 +0100
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Cc: XML Signature WG <w3c-ietf-xmldsig@w3.org>, reagle@w3.org
Message-Id: <20010913101454.3611C43C0A@yog-sothoth.ie.baltimore.com>

Hi Christian,

r/geuer-pollmann@nue.et-inf.uni-siegen.de/2001.09.13/08:22:30
>If a Unicode, non-ASCII character occurs in a X509SubjectName, do we have 
>to encode it according to RFC2253 as \5473 sequence or is it a &x5473; XML 
>character? (In the spec was stated: "Consider the string as consisting of 
>unicode characters." (Maybe 5473 was a bad example, don't know whether is 
>is unicode, just to show a value)

We leave it as a Unicode character. When the XML document is
serialized, it will be encoded as per the chosen character
set.

>If a binary value like
>   1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB
>occurs in the SubjectName, do I have to escape it like
>   1.3.6.1.4.1.1466.0=\#04024869,O=Test,C=GB
>which is _not_ RFC2253 compliant?

No.

I would summarize our encoding (assuming the changes recently
discussed on the list) as:

Translation from RFC 2253 -> XMLDSIG:

. UTF-8 decode the string.
. Encode characters < ' ' as "\XY".
. Replace any trailing "\ " in the full dname with "\20".

Translation from XMLDSIG -> RFC 2253:

. Replace any trailing "\20" with "\ ".
. Replace any "\XY" with the corresponding character.
. UTF-8 encode the string.

Broadly, this is RFC 2253 without the UTF-8 encoding step,
with all characters < ' ' encoded as "\XY" and any trailing
"\ " in the full dname replaced with "\20".

To be honest, I would be cautious about the text that we have
in XMLDSIG; it duplicates material from RFC 2253 and may lose
clarity in so doing.

I've checked none of the above, so may be way off the mark.

Merlin


-----------------------------------------------------------------------------
Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
   http://www.baltimore.com

Received on Thursday, 13 September 2001 06:15:40 UTC