- From: Tom Gindin <tgindin@us.ibm.com>
- Date: Thu, 21 Mar 2002 08:12:10 -0500
- To: "Gregor Karlinger" <gregor.karlinger@cio.gv.at>
- Cc: "Joseph M. Reagle Jr. (Joseph M. Reagle Jr.)" <reagle@w3.org>, "'Merlin Hughes'" <merlin@baltimore.ie>, "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
- Message-ID: <OF39546E38.435C69D4-ON85256B83.0048450D@pok.ibm.com>
I see one minor issue with the spec below. Shouldn't ASCII control characters be <= 0x1F rather than <= 0x19? The same applies to unescaped whitespace. Probably I should have gotten this comment in during spec review, but better late than never.

Tom Gindin

"Gregor Karlinger" <gregor.karlinger@cio.gv.at>@w3.org on 03/21/2002 04:46:44 AM

Sent by: w3c-ietf-xmldsig-request@w3.org

To: "Joseph M. Reagle Jr. (Joseph M. Reagle Jr.)" <reagle@w3.org>, "'Merlin Hughs'" <merlin@baltimore.ie>
cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Subject: Test Vectors for DName encoding

Hi all,

please find below some test vectors for DName encoding. They should demonstrate my understanding of the corresponding rules in section 4.4.4.

1. Space escaping
-----------------

<DName>
  <RDN>
    <AVA>
      <Type>CN</Type>
      <Value> Wolfgang </Value>
    </AVA>
    <AVA>
      <Type>CN</Type>
      <Value> Amadeus </Value>
    </AVA>
  </RDN>
</DName>

RFC 2253: "CN=\ Wolfgang \ +CN=\ Amadeus \ "
XMLDSIG: "CN=\ Wolfgang \ +CN=\ Amadeus \20" or " CN=\ Wolfgang \ +CN=\ Amadeus \20 "

Demonstrates:

- Basic rules are specified in RFC 2253 (escape a space at the beginning and at the end of an attributeValue string)
- XMLDSIG rule: Escape a space at the end of the whole DName string with "\20" instead of "\ "
- XMLDSIG rule: Unescaped whitespace (ascii characters <= 0x19) will be removed from the beginning and from the end of the DName string when converting it into a DName.

2. Escaping of special characters
---------------------------------

<DName>
  <RDN>
    <AVA>
      <Type>O</Type>
      <Value>Foo, Inc.</Value>
    </AVA>
  </RDN>
  <RDN>
    <AVA>
      <Type>CN</Type>
      <Value>Herbert "The Cat"</Value>
    </AVA>
    <AVA>
      <Type>CN</Type>
      <Value>Miller <miller@foo.org></Value>
    </AVA>
  </RDN>
</DName>

RFC2253: "O=Foo\, Inc.,CN=Herbert \"The Cat\"+CN=Miller \<miller@foo.org\>"
XMLDSIG: "O=Foo\, Inc.,CN=Herbert \"The Cat\"+CN=Miller \<miller@foo.org\>"

Demonstrates:

- Basic rules are specified in RFC 2253 (escape special characters ",", "+", """, "\", "<", ">" or ";" in an attributeValue string)
- XMLDSIG does not specify any additional rules here

3. Escaping of ascii control characters
---------------------------------------

Remark: The unicode characters xA and xD will be escaped in the XML structure showing the test vector with "&#xA;" and "&#xD;".

<DName>
  <RDN>
    <AVA>
      <Type>CN</Type>
      <Value>down&#xA;down&#xA;back and down&#xD;&#xA;down&#xA;stop</Value>
    </AVA>
  </RDN>
</DName>

RFC2253: "down down back and down down stop"
XMLDSIG: "down\0Adown\0Aback and down\0D\0Adown\0Astop"

Demonstrates:

- RFC2253 does not mandate escaping of ascii control characters.
- XMLDSIG specifies the additional rule that all ascii control characters (<= 0x19) have to be escaped by a "\" followed by two hex characters.

4. Escaping of characters >= 0x80
---------------------------------

Remarks:

ö = unicode character 0xF6 (latin small letter o with diaeresis)
ü = unicode character 0xFC (latin small letter u with diaeresis)
Consider the XML structure as being encoded using ISO 8859-1
Consider the XMLDSIG DName string as being encoded using ISO 8859-1

<DName>
  <RDN>
    <AVA>
      <Type>CN</Type>
      <Value>Jörg Müller</Value>
    </AVA>
  </RDN>
</DName>

RFC2253: "Jörg Müller" or "J\C3\B6rg M\C3\BCller"
XMLDSIG: "Jörg Müller"

Demonstrates:
-------------

- RFC2253 does not mandate to escape any other characters than the ones listed in section 2.4 of RFC 2253, so any other chars are simply encoded as UTF-8 String (first variant).
- But RFC2253 allows to escape any other bytes using "\" and two hex digit numbers (second variant).
- XMLDSIG does not encode the DName strings in UTF-8. DNames are expressed in characters rather than in bytes. For that reason XMLDSIG does NOT RECOMMEND escaping of characters >=0x80, since it is simply not necessary and worsens readability.

Liebe Gruesse/Regards,

---------------------------------------------------------------
DI Gregor Karlinger
mailto:gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Attachments
- application/octet-stream attachment: smime.p7s
Received on Thursday, 21 March 2002 08:13:03 UTC
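
The escaping rules these test vectors exercise, as an added Python example (not code from this thread or from the XMLDSIG specification). The names `escape_value`, `encode_dname` and `control_max` are assumptions made here; `control_max` switches between the 0x19 bound written in the vectors and the 0x1F bound proposed in the reply, and the sample inputs are constructed from vectors 2 and 3.

```python
# Added example: DName string escaping as exercised by the test vectors above.
SPECIALS = set(',+"\\<>;')  # RFC 2253 special characters named in vector 2


def escape_value(value, last_in_dname=False, control_max=0x1F):
    """Escape one attribute value for use in a DName string.

    control_max is the highest code point treated as an ASCII control
    character: 0x19 as written in the vectors, 0x1F as proposed in the reply.
    """
    out = []
    end = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIALS:
            out.append("\\" + ch)              # vector 2: backslash-escape
        elif ord(ch) <= control_max:
            out.append("\\%02X" % ord(ch))     # vector 3: "\" + two hex digits
        elif ch == " " and i == end and last_in_dname:
            out.append("\\20")                 # vector 1: end of whole DName
        elif ch == " " and i in (0, end):
            out.append("\\ ")                  # vector 1: leading/trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")                  # RFC 2253 rule, not in the vectors
        else:
            out.append(ch)                     # vector 4: >= 0x80 left as-is
    return "".join(out)


def encode_dname(rdns, control_max=0x1F):
    """rdns: list of RDNs in string order, each a list of (type, value) pairs."""
    parts = []
    for r, rdn in enumerate(rdns):
        avas = []
        for a, (typ, value) in enumerate(rdn):
            last = r == len(rdns) - 1 and a == len(rdn) - 1
            avas.append(typ + "=" + escape_value(value, last, control_max))
        parts.append("+".join(avas))
    return ",".join(parts)


# Constructed inputs mirroring vectors 2 and 3.
VECTOR_2 = [[("O", "Foo, Inc.")],
            [("CN", 'Herbert "The Cat"'), ("CN", "Miller <miller@foo.org>")]]
VECTOR_3 = "down\ndown\nback and down\r\ndown\nstop"

if __name__ == "__main__":
    print(encode_dname(VECTOR_2))
    print(escape_value(VECTOR_3, last_in_dname=True))
    # ESC (0x1B) is escaped only under the 0x1F bound.
    print(repr(escape_value("a\x1bb", control_max=0x19)),
          repr(escape_value("a\x1bb", control_max=0x1F)))
```

With `control_max=0x19`, the characters 0x1A through 0x1F pass into the DName string unescaped, which is the gap the reply points out.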