On Thu, 7 Mar 1996 peter%verisign(_dot_)com(_at_)bcars735 wrote:
does anyone know if the Internet string format for DNs has been
extended in a std way with string type-indicators to encompass
universal and possible bmpstring types?
There is an escape mechanism defined in RFC 1779 for use when attribute
values in a DN contain characters used as separators or quote
characters of the RFC 1779 representation, e.g., a value containing '+'.
This escape mechanism calls for the value in question to be encoded as the
printable hex representation of the BER encoding of the value's ASN.1;
this mechanism preserves the string type.
This does not answer your question directly: yes, there is an escape
mechanism which does what you want, but, according to RFC 1779, it is used
only when a string contains characters that are special to RFC 1779, not
when the string contains characters from other, multi-byte, character
sets.
However! The drafts for new versions of LDAP and the representation of
attributes are available; in my comments, I requested that the use of the
escape mechanism be extended to cover the case where a client application
wishes to obtain the ASN.1 for all values in a DN.
Since this is a reasonable request (IMHO, :->), I expect that we'll find
some way of incorporating it into LDAPv3.
LDAPv3 is being discussed on ietf-asid(_at_)umich(_dot_)edu; subscribe to
ietf-asid-request(_at_)umich(_dot_)edu. I'm sure there is an archive,
I'm not sure where, sorry.
A note on LDAPv3: for LDAPv3, attribute syntaxes of interest to this list
(Certificate, RevocationList, CertificatePair) will be encoded as the
printed hex rep. of the BER encoded ASN.1, not as strings. This is, of
course, a good thing....
pww
Peter Whittaker [~~~~~~~~~~~~~~~~~~~~~~~~~~] X.500 Specialist
pww(_at_)entrust(_dot_)com [ http://www.entrust.com ] Nortel Secure Networks
Ph: +1 613 765 2064 [ ] P.O. Box 3511, Station C
FAX:+1 613 765 3520 [__________________________] Ottawa, Canada, K1Y 4H7
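
The escape mechanism described in the message above, as an added example that is not part of the original e-mail: a value is written as the hex of its BER encoding (RFC 1779's grammar prefixes it with `#`), so the ASN.1 tag byte carries the string type through the textual DN. The function names and the small tag table are hypothetical, chosen for illustration.

```python
# ASN.1 universal tag -> codec for the string types raised in the thread.
TAGS = {
    "PrintableString": (0x13, "ascii"),
    "UniversalString": (0x1C, "utf-32-be"),
    "BMPString": (0x1E, "utf-16-be"),
}

def ber_length(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_hex_value(text, string_type):
    """Return the '#'-prefixed hex of the BER encoding of one DN value."""
    tag, codec = TAGS[string_type]
    content = text.encode(codec)
    ber = bytes([tag]) + ber_length(len(content)) + content
    return "#" + ber.hex().upper()

def decode_hex_value(value):
    """Recover (string type, text) from a '#'-prefixed hex value."""
    if not value.startswith("#"):
        raise ValueError("not a hex-escaped value")
    raw = bytes.fromhex(value[1:])          # rejects odd or non-hex input
    if len(raw) < 2:
        raise ValueError("truncated BER header")
    tag, first = raw[0], raw[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        n = first & 0x7F
        if n == 0 or len(raw) < 2 + n:
            raise ValueError("unsupported or truncated length")
        length, offset = int.from_bytes(raw[2:2 + n], "big"), 2 + n
    content = raw[offset:]
    if len(content) != length:              # trailing or missing bytes
        raise ValueError("length field does not match content")
    for name, (t, codec) in TAGS.items():
        if t == tag:
            return name, content.decode(codec)
    raise ValueError("unsupported string tag 0x%02X" % tag)

if __name__ == "__main__":
    # Constructed sample values: one with an RFC 1779 separator, one BMPString.
    for text, kind in (("A+B", "PrintableString"), ("\u03a9", "BMPString")):
        hexed = encode_hex_value(text, kind)
        print(kind, hexed, decode_hex_value(hexed))
```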