Re: Test Vectors for DName encoding from Tom Gindin on 2002-03-21 (w3c-ietf-xmldsig@w3.org from January to March 2002)

From: Tom Gindin <tgindin@us.ibm.com>
Date: Thu, 21 Mar 2002 08:12:10 -0500
To: "Gregor Karlinger" <gregor.karlinger@cio.gv.at>
Cc: "Joseph M. Reagle Jr. (Joseph M. Reagle Jr.)" <reagle@w3.org>, "'Merlin Hughes'" <merlin@baltimore.ie>, "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Message-ID: <OF39546E38.435C69D4-ON85256B83.0048450D@pok.ibm.com>

      I see one minor issue with the spec below.  Shouldn't ASCII control
characters be <= 0x1F rather than <= 0x19?  The same applies to unescaped
whitespace.  Probably I should have gotten this comment in during spec
review, but better late than never.

            Tom Gindin

"Gregor Karlinger" <gregor.karlinger@cio.gv.at>@w3.org on 03/21/2002
04:46:44 AM

Sent by:    w3c-ietf-xmldsig-request@w3.org


To:    "Joseph M. Reagle Jr. (Joseph M. Reagle Jr.)" <reagle@w3.org>,
       "'Merlin Hughs'" <merlin@baltimore.ie>
cc:    "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Subject:    Test Vectors for DName encoding



Hi all,

please find below some test vectors for DName encoding. They
should demonstrate my understanding of the corresponding rules
in section 4.4.4.


1. Space escaping
-----------------

<DName>
  <RDN>
    <AVA>
      <Type>CN</Type>
      <Value>  Wolfgang  </Value>
    </AVA>
    <AVA>
      <Type>CN</Type>
      <Value>  Amadeus  </Value>
    </AVA>
   </RDN>
<DName>

RFC 2253: "CN=\  Wolfgang \ +CN=\  Amadeus \ "

XMLDSIG: "CN=\  Wolfgang \ +CN=\  Amadeus \20" or
         "    CN=\  Wolfgang \ +CN=\  Amadeus \20    "

Demonstrates:

  - Basic rules are specified in RFC 2253 (escape a
    space at the beginning and at the end of an
    attributeValue string)

  - XMLDSIG rule: Escape a space at the end of the
    whole DName string with "\20" instead of "\ "

  - XMLDSIG rule: Unescaped whitespace (ascii characters
    <= 0x19) will be removed from the begining and from
    the end of the DName string when converting it into
    a DName.

2. Escaping of special characters
---------------------------------

<DName>
  <RDN>
    <AVA>
      <Type>O</Type>
      <Value>Foo, Inc.</Value>
    </AVA>
  </RDN>
  <RDN>
    <AVA>
      <Type>CN</Type>
      <Value>Herbert "The Cat"</Value>
    </AVA>
     <AVA>
      <Type>CN</Type>
      <Value>Miller <miller@foo.org></Value>
    </AVA>
  </RDN>
<DName>

RFC2253: "O=Foo\, Inc.,CN=Herbert \"The Cat\"+CN=Miller
\<miller@foo.org\>"

XMLDSIG: "O=Foo\, Inc.,CN=Herbert \"The Cat\"+CN=Miller
\<miller@foo.org\>"

Demonstrates:

  - Basic rules are specified in RFC 2253 (escape special characters
    ",", "+", """, "\", "<", ">" or ";" in an attributeValue string)

  - XMLDSIG does not specify any additional rules here

3. Escaping of ascii control characters
---------------------------------------

Remark: The unicode characters xA and xD will be escaped in the
XML structure showing the test vector with "&#xA;" and "&#xD;".

<DName>
  <RDN>
    <AVA>
      <Type>CN</Type>
      <Value>down&#xA;down&#xA;back and
down&#xD;&#xA;down&#xA;stop</Value>
    </AVA>
   </RDN>
<DName>

RFC2253: "down
              down
                  back and down
down
    stop"

XMLDSIG: "down\0Adown\0Aback and down\0D\0Adown\0Astop"

Demonstrates:

  - RFC2253 does not mandate escaping of ascii control characters.

  - XMLDSIG specifies the additional rule that all ascii control
characters
    (<= 0x19) have to be escaped by a "\" followed to hex characters.

4. Escaping of characters >= 0x80
---------------------------------

Remarks:
ö = unicode character 0xF6 (latin small letter o with diaeresis)
ü = unicode character 0xFC (latin small letter u with diaeresis)
Consider the XML structure as being encoded using ISO 8859-1
Consider the XMLDSIG DName string as being encoded using ISO 8859-1


<DName>
  <RDN>
    <AVA>
      <Type>CN</Type>
      <Value>Jörg Müller</Value>
    </AVA>
   </RDN>
<DName>

RFC2253: "JÃ¶rg MÃ¼ller" or
         "J\C3\B6rg M\C3\BCller"

XMLDSIG: "Jörg Müller"

Demonstrates:
-------------

  - RFC2253 does not mandate to escape any other characters than
    the ones listed in section 2.4 of RFC 2253, so any other chars
    are simply encoded as UTF-8 String (first variant).

  - But RFC2253 allows to escape any other bytes using "\" and
    two hex digit numbers (second variant).

  - XMLDSIG does not encode the DName strings in UTF-8. DNames are
    expressed in characters rather than in bytes. For that reason
    XMLDISG does NOT RECOMMEND escaping of characters >=0x80, since
    it is simply not necessary and worsens readability.

Liebe Gruesse/Regards,
---------------------------------------------------------------
DI Gregor Karlinger
mailto:gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------

Attachments

application/octet-stream attachment: smime.p7s

Received on Thursday, 21 March 2002 08:13:03 UTC