RE: Encoding of Strings in DNames (X509IssuerSerial, X509SubjectName)

Hi Joseph,

> -----Original Message-----
> From: Joseph Reagle [mailto:reagle@w3.org]
> Sent: Wednesday, January 16, 2002 8:24 PM

[...]

> On Wednesday 16 January 2002 08:21, Gregor Karlinger wrote:
> > (1) We claim that these instructions are conforming with RFC 2253 [2].
> > This is currently not true, since RFC 2253 demands the escaping of the
> > whitespace character (ASCII code \x20) at the beginning and at
> the end of
> > the string (see section 2.4).
>
> Ok, I can see an editorial tweak in the bullet list at the top of
> 4.4.4 [1]
> so as to not refer to 2253 but to the specific text at the end of this
> section.
>
> [1]
> http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-X509Data

This sounds fine. In the text "at the end of this section" it should be
stated, that DName encoding for XMLDSIG is similar to RFC 2253; the only
difference is the encoding of strings in a DName (encoding of RDF sequence
and AVA sequences is done as stated in RFC 2253).

> However, with respect to what you propose below what are the diff's with
> what we have presently? Are you advocating we drop the last two
> bullets in
> [1]? Or is your third bullet the only diff?

I suggest to replace the text segment at the end of section 4.4.4:

 "
  Also, strings in DNames
  ...
  physical representation of the XML document.
 "

with the folloing:

 "
  DNames (X509IssuerSerial, X509SubjectName, and KeyName if approriate)
  should be encoded in accordance with RFC 2253, except the encoding of
  string values within a DName, which should be encoded as follows:

    * Consider the string as consisting of Unicode characters.

    * Escape occurrences of the following special characters by
      prefixing it with the "\" character:

      - a "#" occurring at the beginning of the string
      - one of the characters ",", "+", """, "\", "<", ">" or ";"

    * Escape control characters that are not XML characters (\x00-\x08,
      \x0B-\x0C, \x0E-\x19) by replacing them with "\" followed by a
      two digit hex number showing its Unicode number.
 "

Regards, Gregor

Received on Friday, 18 January 2002 08:32:31 UTC