You say below that the type information is lost under RFC 2253, as if it is
preservered under RFC 1779. It is not. The discussion in RFC 2253 applies to
*all* LDAP DNs - it's a consequence of the string representation. It is
therefore not possible to tell if the encoding of an AVA is T.61 or not.
Conversion to UTF-8 is probably the only way to make it unambiguous.
> -----Original Message-----
> From: Chris Ridd [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, 5 November 1999 19:34
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: DN formats
>
> On 03 Nov 1999 20:04:07 EST, William M. Perry wrote:
> > "Ramsay, Ron" <[EMAIL PROTECTED]> writes:
> >
> > > I don't have an opinion on producing LDAP DNs but I think you should
> use
> > > the v3 form (RFC 2253) rather than the v2 form.
> >
> > Well, 1485 is obsoleted by 1779, which is then in turn obsoleted by
> 2253.
> > I'd say go with the least obsolete format, which seems to be 2253, which
> is
> > useful outside of LDAP.
> >
> > -Bill P.
>
> Yes, I considered RFC 2253. The problem with this is that all the
> attribute values will need to be converted into UTF-8.
>
> The problem with that is two-fold:
>
> 1) Converting T.61 into Unicode is non-trivial;
> 2) Useful type information is lost, ie was the value
> PrintableString/T.61/etc. See RFC 2253 section 7.2 for some discussion
> on this, and why this is a problem.
>
> I think the conversion problem is the worst problem. To avoid problem 2
> the string DN could have the hex form, however that wouldn't make it
> IMO a very useful string.
>
> We'd also potentially run into the problem with some vendors assuming
> that T.61 doesn't actually mean T.61, it means ISO-8859-1. So
> converting these bogus "T.61" values would produce UTF-8 with bogus
> characters.
>
> Sticking with RFC 1779 means problem 1 goes away, but a third problem
> appears:
>
> 2) BMPString/UniversalString values can't be represented.
>
> There appear to be some changes in the CVS repository to move towards
> supporting the BMPString choice of DirectoryString.
>
> Cheers,
>
> Chris
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
