On 03 Nov 1999 20:04:07 EST, William M. Perry wrote:
> "Ramsay, Ron" <[EMAIL PROTECTED]> writes:
>
> > I don't have an opinion on producing LDAP DNs but I think you should use
> > the v3 form (RFC 2253) rather than the v2 form.
>
> Well, 1485 is obsoleted by 1779, which is then in turn obsoleted by 2253.
> I'd say go with the least obsolete format, which seems to be 2253, which is
> useful outside of LDAP.
>
> -Bill P.

Yes, I considered RFC 2253. The problem with this is that all the
attribute values will need to be converted into UTF-8.

The problem with that is two-fold:

1) Converting T.61 into Unicode is non-trivial;
2) Useful type information is lost, i.e. was the value
PrintableString/T.61/etc. See RFC 2253 section 7.2 for some discussion
on this, and why this is a problem.

I think the conversion problem is the worst problem. To avoid problem 2
the string DN could have the hex form; however, that wouldn't make it
IMO a very useful string.

We'd also potentially run into the problem with some vendors assuming
that T.61 doesn't actually mean T.61, it means ISO-8859-1. So
converting these bogus "T.61" values would produce UTF-8 with bogus
characters.

Sticking with RFC 1779 means problem 1 goes away, but a third problem
appears:

2) BMPString/UniversalString values can't be represented.

There appear to be some changes in the CVS repository to move towards
supporting the BMPString choice of DirectoryString.

Cheers,
Chris
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
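
An added illustration, not part of the original message and not OpenSSL code: the sketch below shows the two problems raised above with producing an RFC 2253 string. PrintableString and T.61 values collapse to the same string unless the hex form is used, and the same "T.61" bytes give different Unicode depending on whether they are read as T.61 or as ISO-8859-1. The helper names, the three-entry accent table and the sample values are constructed assumptions.

```python
import unicodedata

PRINTABLE, T61 = 0x13, 0x14   # ASN.1 universal tags for the two string types
SPECIAL = ',+"\\<>;'          # characters RFC 2253 escapes with a backslash
# Assumption: tiny subset of T.61 non-spacing accents, which precede the base letter.
T61_ACCENTS = {0xC1: "\u0300", 0xC2: "\u0301", 0xC8: "\u0308"}

def der(tag, content):
    """Build a DER value; short-form length only, enough for the samples."""
    if len(content) > 127:
        raise ValueError("sample helper handles short values only")
    return bytes([tag, len(content)]) + content

def escape(s):
    """Backslash-escape specials, a leading space or '#', and a trailing space."""
    out = []
    for i, c in enumerate(s):
        edge = (i == 0 and c in " #") or (i == len(s) - 1 and c == " ")
        out.append("\\" + c if c in SPECIAL or edge else c)
    return "".join(out)

def t61_to_unicode(raw):
    """Decode the T.61 subset above; other bytes below 0x80 are treated as ASCII."""
    out, accent = [], ""
    for b in raw:
        if b in T61_ACCENTS:
            accent = T61_ACCENTS[b]
        elif b < 0x80:
            out.append(chr(b) + accent)
            accent = ""
        else:
            raise ValueError("byte 0x%02x is outside the sample table" % b)
    return unicodedata.normalize("NFC", "".join(out))

def latin1_to_unicode(raw):
    """The vendor reading: bytes tagged T.61 are really ISO-8859-1."""
    return raw.decode("latin-1")

def hex_form(value):
    """'#' plus the hex of the whole encoded value, so the type tag survives."""
    return "#" + value.hex()

def string_value(value, t61_decoder=None):
    """String form of one attribute value; hex form if T.61 has no decoder."""
    tag, raw = value[0], value[2:2 + value[1]]
    if tag == PRINTABLE:
        return escape(raw.decode("ascii"))
    if tag == T61 and t61_decoder is not None:
        return escape(t61_decoder(raw))
    return hex_form(value)

# Constructed sample: "Müller" in genuine T.61 (diaeresis 0xC8 before 'u').
MUELLER_T61 = der(T61, bytes.fromhex("4dc8756c6c6572"))
```

Passing no decoder to string_value() keeps the T.61 value in hex form, which preserves the type but is unreadable; passing the wrong decoder silently yields the bogus characters.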