draft-ietf-ldapbis-dn-04.txt vs. draft-ietf-ldapbis-dn-05.txt
(rfcdiff output: lines that differ between the two drafts are marked -04: and -05:; unchanged lines are shown once)

INTERNET-DRAFT                                   Editor: Kurt D. Zeilenga
Intended Category: Standard Track                     OpenLDAP Foundation
-04: Expires: 18 October 2001                             18 April 2001
-05: Expires: 29 October 2001                             29 April 2001
Obsoletes: 2253

                Lightweight Directory Access Protocol (v3):
            UTF-8 String Representation of Distinguished Names
-04:                  <draft-ietf-ldapbis-dn-04.txt>
-05:                  <draft-ietf-ldapbis-dn-05.txt>
Status of Memo

   This document is an Internet-Draft and is in full conformance with all
   provisions of Section 10 of RFC2026.

   This document is intended to be, after appropriate review and
   revision, submitted to the RFC Editor as a Standard Track document
   replacing RFC 2253.  Distribution of this memo is unlimited.

   Technical discussion of this document will take place on the IETF LDAP
   skipping to change at page 4, line 12
      STREET   streetAddress (2.5.4.9)
      DC       domainComponent (0.9.2342.19200300.100.1.25)
      UID      userId (0.9.2342.19200300.100.1.1)
2.4. Converting an AttributeValue from ASN.1 to a String

   If the AttributeValue is of a type which does not have a string
   representation defined for it, then it is simply encoded as an
   octothorpe character ('#' ASCII 35) followed by the hexadecimal
   representation of each of the octets of the BER encoding of the X.500
-04:   AttributeValue.  This form SHOULD be used if the AttributeType is of
-04:   the dotted-decimal form.
-05:   AttributeValue.  This form SHOULD also be used if the AttributeType is
-05:   of the dotted-decimal form.

   Otherwise, if the AttributeValue is of a type which has a string
   representation, the value is converted first to a UTF-8 string
   according to its syntax specification (see for example Section 6 of
   [RFC2252bis]).

   If the UTF-8 string does not have any of the following characters
   which need escaping, then that string can be used as the string
   representation of the value.
   skipping to change at page 5, line 39
                 ; the string MUST NOT start with SHARP or SP
                 ; and MUST NOT end with SP

      stringchar = <any UTF-8 character (can be multiple octets)
                    except one of escaped or ESC>

      pair       = ESC ( ESC / special / hexpair )
      special    = escaped / SHARP / EQUALS / SP
-04:  escaped    = COMMA / PLUS / %x22 / %x3C / %x3E / %3B
-05:  escaped    = COMMA / PLUS / %x22 / %x3C / %x3E / %x3B
                   ; "," / "+" / """ / "<" / ">" / ";"

      hexstring  = SHARP 1*hexpair
      hexpair    = HEX HEX

      HEX        = DIGIT / %x41-46 / %x61-66
                   ; 0-9 / A-F / a-f

      ALPHA      = %x41-5A / %x61-7A
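   The escaping rules of Section 2.4 and the string / pair / hexstring
   productions above, implemented end to end, as an added example for this
   page (not code from the draft, from OpenLDAP, or from any LDAP library;
   function names, the sample DNs and the constructed BER octets are this
   example's own).  It escapes a value so that it never starts with SHARP
   or SP, never ends with SP, and has every 'escaped' character and every
   ESC prefixed with ESC; it produces the '#' hexstring form for a value
   without a string representation; it decodes all three pair forms,
   including hexpairs that together form one multi-octet UTF-8 character;
   and, going one step beyond the excerpt, it splits a DN string on the
   unescaped ',' and '+' separators the DN and RDN productions use, which
   is exactly what the escaping protects.  The constructed 'x,ou=admins'
   input at the end shows the practitioner's check: a user-supplied value
   pasted into a DN raw changes the number of RDNs, the escaped one does not.

```python
"""Escaping, unescaping and splitting of LDAP DN strings per the escaping
rules and the string / pair / hexstring ABNF quoted above.
Added example for this page; not code from the draft or any LDAP library."""
from __future__ import annotations

import string

# 'escaped' in the ABNF (characters that MUST be escaped in a value) plus ESC.
_ESCAPED = frozenset(',+"<>;\\')
# 'special' in the ABNF: 'escaped' plus SHARP, EQUALS and SP; all MAY follow ESC.
_SPECIAL = _ESCAPED | frozenset('#= ')


def escape_dn_value(value: str) -> str:
    """String form of a value that has a string representation: every
    'escaped' char and every backslash gets a leading ESC; a leading '#' or
    SP and a trailing SP are escaped so the result never starts with SHARP/SP
    or ends with SP."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        must = ch in _ESCAPED or (i == 0 and ch in '# ') or (i == last and ch == ' ')
        out.append('\\' + ch if must else ch)
    return ''.join(out)


def hex_form(ber_value: bytes) -> str:
    """'#' plus two hex digits per octet of the BER-encoded AttributeValue
    (the form for types without a string representation / dotted-decimal types)."""
    return '#' + ber_value.hex().upper()


def _escaped_at(text: str, idx: int) -> bool:
    """True when text[idx] is preceded by an odd run of backslashes, i.e. it is
    the second half of a pair rather than a bare character."""
    n, j = 0, idx - 1
    while j >= 0 and text[j] == '\\':
        n, j = n + 1, j - 1
    return n % 2 == 1


def unescape_dn_value(text: str) -> str | bytes:
    """Decode one value string.  '#...' yields the raw BER octets as bytes;
    otherwise ESC ESC, ESC special and ESC hexpair are decoded and the octet
    buffer is decoded as UTF-8 ('\\C3\\A9' -> 'é').  ValueError if the input
    violates the ABNF."""
    if text.startswith('#'):
        digits = text[1:]
        if not digits or len(digits) % 2 or any(c not in string.hexdigits for c in digits):
            raise ValueError('malformed hexstring: %r' % text)
        return bytes.fromhex(digits)
    if text.startswith(' '):
        raise ValueError('string MUST NOT start with SP: %r' % text)
    if text.endswith(' ') and not _escaped_at(text, len(text) - 1):
        raise ValueError('string MUST NOT end with SP: %r' % text)
    buf, i, n = bytearray(), 0, len(text)
    while i < n:
        ch = text[i]
        if ch == '\\':
            if i + 1 < n and text[i + 1] in _SPECIAL:                      # ESC ESC / ESC special
                buf += text[i + 1].encode('utf-8')
                i += 2
            elif i + 2 < n and all(c in string.hexdigits for c in text[i + 1:i + 3]):
                buf.append(int(text[i + 1:i + 3], 16))                     # ESC hexpair: one raw octet
                i += 3
            else:
                raise ValueError('bad escape at offset %d in %r' % (i, text))
        elif ch in _ESCAPED:
            raise ValueError('unescaped %r at offset %d in %r' % (ch, i, text))
        else:
            buf += ch.encode('utf-8')
            i += 1
    return buf.decode('utf-8')


def is_valid_value(text: str) -> bool:
    """Does text parse as a single attribute value string?"""
    try:
        unescape_dn_value(text)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


def _split_unescaped(text: str, sep: str) -> list[str]:
    """Split on sep where it is not part of a pair; pairs are skipped whole."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == '\\' and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append(''.join(cur))
    return parts


def parse_dn(dn: str) -> list[list[tuple[str, str | bytes]]]:
    """DN string -> RDNs in written order, each a list of (type, value) AVAs.
    Types stay as written (a Section 2.3 name or a dotted-decimal OID)."""
    rdns = []
    for rdn in _split_unescaped(dn, ','):
        avas = []
        for ava in _split_unescaped(rdn, '+'):
            typ, eq, val = ava.partition('=')
            if not eq or not typ:
                raise ValueError('malformed AttributeTypeAndValue: %r' % ava)
            avas.append((typ, unescape_dn_value(val)))
        rdns.append(avas)
    return rdns


if __name__ == '__main__':
    # Constructed inputs: the same user-supplied cn, escaped vs. pasted in raw.
    user_cn = 'x,ou=admins'
    print(parse_dn('cn=' + escape_dn_value(user_cn) + ',ou=users'))   # 2 RDNs
    print(parse_dn('cn=' + user_cn + ',ou=users'))                    # 3 RDNs
    print(hex_form(b'\x04\x02Hi'), parse_dn('1.3.6.1.4.1.1466.0=#04024869'))
```

   Two design points: hexpairs are accumulated as octets and decoded once
   at the end, because a single non-ASCII character may arrive as several
   '\XX' pairs; and the trailing-SP rule is checked by counting the run of
   backslashes before the final character, since '\\ ' (escaped SP) is
   legal while '\\\\ ' (escaped ESC followed by bare SP) is not.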
   skipping to change at page 8, line 23
   Applications which require the reconstruction of the DER form of the
   value SHOULD NOT use the string representation of attribute syntaxes
   when converting a distinguished name to the LDAP format.  Instead,
   they SHOULD use the hexadecimal form prefixed by the octothorpe ('#')
   as described in the first paragraph of Section 2.3.

5.3. Use of Other Names

   Attribute type names are not unique.  A string representation
-04:   generated with names other than those in Section 2.3 table is
-05:   generated with names other than those in the Section 2.3 table is
   ambiguous.  That is, two applications may recognize the string as
   representing two different DNs possibly associated with two different
   entries.  This may lead to a wide range of unexpected behaviors which
-04:   can have both direct and indirect impact upon security.
-05:   can have both direct and indirect impacts upon security.

   For example, a distinguished name consisting of one RDN with one AVA,
   in which the type known locally as FOO and the value is of the
   octetString "BAR" could be represented in LDAP as the string FOO=BAR.
   As the name FOO does not uniquely identify an attribute type, the DN
   FOO=BAR is ambiguous.  That is, FOO could be recognized as the
   attribute type 1.1.1 by one application and 1.2.3.4 in another and not
   recognized by another.  This may lead to operations not behaving as
   intended.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/