Re: X509SubjectName and binary values

Hi All,
this is a response to a discussion thread in the
xmldsig mailing list in Sept last year. I was digging
through the archive when I found this :) (copied

I am seeking some clarification on what is the current
W3C RECOMMENDATION pertaining to the encoding. With
your current proposed recommendation
in sectin 4.4.4, it was mentioned : 
Escape all occurences of ASCII control characters
(Unicode range \x00 - \x20) by replacing them with "\"
followed by a two digit hex number showing its Unicode
number. Since a XML document logically consists of
characters, not octets, the resulting unicode string
is finally encoded according to the character encoding
used for producing the physical representation of the
XML document. 
which I take it to mean( please correct me if I am
wrong) that for example, a (short) DName [CN=My Name]
will translate, in the physical XML document, to
However in the draft mentioned the mail below, the
Unicode range was 'shortened' to (\x00 - \x1f) which
excludes the space (with the exception of the trailing
So if I have an application that needs to support W3C
_proposed recommendation_, should the DName end up
like [CN=My\20Name]?

Just seeking some clarification.


From: Joseph Reagle <>
To: merlin <>, Christian
Date: Fri, 14 Sep 2001 12:58:38 -0400
Cc: XML Signature WG <>
Message-Id: <>
Subject: Re: X509SubjectName and binary values

On Thursday 13 September 2001 06:14, merlin wrote:
> Hi Christian,
> I would summarize our encoding (assuming the changes
> discussed on the list) as:
> Translation from RFC 2253 -> XMLDSIG:
> . UTF-8 decode the string.
> . Encode characters < ' ' as "\XY".
> . Replace any trailing "\ " in the full dname with
> Translation from XMLDSIG -> RFC 2253:
> . Replace any trailing "\20" with "\ ".
> . Replace any "\XY" with the corresponding
> . UTF-8 encode the string.
> Broadly, this is RFC 2253 without the UTF-8 encoding
> with all characters < ' ' encoded as "\XY" and any
> "\ " in the full dname replaced with "\20".

Given no objection to my summary/proposal [1], I've
moved the escape of 
whitespace to those only occuring at the end of DNAME
as you proposed:

$Revision: 1.123 $ on $Date: 2001/09/14 16:55:21 $
     * Escape all occurrences of ASCII control
characters (Unicode range
       \x00 - \x [INS: 1f :INS] ) by replacing them
with "\" followed by
       a two digit hex number showing its Unicode
     * [INS: Escape any trailing white space by
replacing "\ " with
       "\20". :INS]


> To be honest, I would be cautious about the text
that we have
> in XMLDSIG; it duplicates material from RFC 2253 and
may lose
> clarity in so doing.

If you'd like to an improvement, please do!

Do You Yahoo!?
Yahoo! Mobile - Jazz up your mobile phone!  Get funky ringtones and logos!

Received on Tuesday, 22 January 2002 22:51:08 UTC