Re: Encoding of Strings in DNames (X509IssuerSerial, X509SubjectName) from Joseph Reagle on 2002-01-16 (w3c-ietf-xmldsig@w3.org from January to March 2002)

From: Joseph Reagle <reagle@w3.org>
Date: Wed, 16 Jan 2002 14:23:30 -0500
To: "Gregor Karlinger" <gregor.karlinger@iaik.at>
Cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>, Martin Duerst <duerst@w3.org>, <merlin@baltimore.ie>, <bal@microsoft.com>
Message-Id: <200201161923.OAA29133@tux.w3.org>

On Wednesday 16 January 2002 08:21, Gregor Karlinger wrote:
> (1) We claim that these instructions are conforming with RFC 2253 [2].
> This is currently not true, since RFC 2253 demands the escaping of the
> whitespace character (ASCII code \x20) at the beginning and at the end of
> the string (see section 2.4).

Ok, I can see an editorial tweak in the bullet list at the top of 4.4.4 [1] 
so as to not refer to 2253 but to the specific text at the end of this 
section.

[1] http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-X509Data

However, with respect to what you propose below what are the diff's with 
what we have presently? Are you advocating we drop the last two bullets in 
[1]? Or is your third bullet the only diff?
Now:
  Escape all occurrences of ASCII control characters (Unicode 
  range \x00 - \x 1f) by replacing them with "\" followed by a two
  digit hex number showing its Unicode number.
Proposed:
  * Escape control characters that are not XML characters (\x00-\x08,
     \x0B-\x0C, \x0E-\x19).

> (2) (a fundamental problem): The instructions in section 2.4 of [2]
> operate on a UTF8-String, i. e. in the octet domain. Our instructions
> operate on a Unicode string, i. e. in the character domain. Therefore I
> consider it useless to try to conform to RFC 2253 with the current
> instructions.
>
> To solve the problems, I suggest:
>
> - Do not state that the encoding of DNames conforms with RFC 2253, rather
>   state that our instructions are similar to that of RFC 2253 (only
> similar because of the domain difference).
>
> - Modify the instructions as follows:
>
>   * Consider the string as consisting of Unicode characters.
>
>   * Escape occurrences of the following special characters by
>     prefixing it with the "\" character:
>
>     - a "#" occurring at the beginning of the string
>     - one of the characters ",", "+", """, "\", "<", ">" or ";"
>
>   * Escape control characters that are not XML characters (\x00-\x08,
>     \x0B-\x0C, \x0E-\x19).
>
>   This is sufficient in order to produce text that consists of valid
>   XML characters, and to be able to reparse the DName string.

Received on Wednesday, 16 January 2002 14:23:49 UTC