Task #2266
Story #2265: Handling of serialized DNs
Determine how DNs should be serialized and compared in v1.
100%
Description
Certificates store Distinguished Names as a sequence of Relative Distinguished Names (RDNs). Each RDN is a set of AttributeType/AttributeValue pairs (in X.501 terms a SET OF AttributeTypeAndValue, so the order of the pairs within one RDN carries no meaning). Whenever a DN is serialized to a string, a set of conventions is applied as to:
- the ordering of the values
- the spacing between elements and values
- the case of the type
- the delimiters used between values and types
- the delimiters between separate RDNs
To reliably compare serialized DNs when they are passed between DataONE components, for instance in the SubjectInfo type, we need to either tightly specify the serialization conventions to use or to use comparison functions that account for possible different representations of the same DN.
OpenSSL has an option called nameopt (e.g. -nameopt on the openssl x509 command). Specifying "RFC2253" for this option selects a specific set of DN serialization settings: esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_unknown, dump_der, sep_comma_plus, dn_rev and sname. This may be a good choice or starting point for selecting a serialization format for DataONE, if that is what we decide to do.
See also: http://www.ietf.org/rfc/rfc2253.txt (RFC 2253 has since been obsoleted by RFC 4514, which defines the current form of the same string representation.)
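The second option from the description, a comparison function that tolerates different serializations of the same DN, as an added example. This is not DataONE code and not the comparison function in the identity manager; it parses RFC 2253 strings into a sequence of RDNs, each an unordered set of (type, value) pairs, so that spacing, type case, quoting, backslash and hex escaping, and the order of values joined by '+' are all neutralised, and it also emits one fixed serialization for the first option. The type alias table and the list of attribute types compared case-insensitively are assumptions for this example, as is the treatment of RDN order: the function keeps order significant, so both inputs must already use the same RDN order (RFC 2253 lists the most specific RDN first, which is what OpenSSL's dn_rev setting produces; libraries that print DER order will not compare equal without being reversed first).

```python
"""Structural comparison of RFC 2253 string DNs (added example, not DataONE code)."""
import re

# LDAP attribute types whose values use caseIgnoreMatch (RFC 4519).
# This set is an assumption for the example; extend it to match local policy.
CASE_IGNORE_TYPES = {"CN", "O", "OU", "C", "ST", "L", "DC", "EMAILADDRESS", "UID", "STREET"}

# Long names (OpenSSL "lname"), dotted OIDs (OpenSSL "oid") and two vendor spellings
# mapped onto one canonical short type. Deliberately partial; unknown types pass through.
TYPE_ALIASES = {
    "COMMONNAME": "CN", "2.5.4.3": "CN",
    "ORGANIZATIONNAME": "O", "2.5.4.10": "O",
    "ORGANIZATIONALUNITNAME": "OU", "2.5.4.11": "OU",
    "COUNTRYNAME": "C", "2.5.4.6": "C",
    "STATEORPROVINCENAME": "ST", "S": "ST", "2.5.4.8": "ST",
    "LOCALITYNAME": "L", "2.5.4.7": "L",
    "DOMAINCOMPONENT": "DC", "0.9.2342.19200300.100.1.25": "DC",
    "E": "EMAILADDRESS", "1.2.840.113549.1.9.1": "EMAILADDRESS",
}

_HEX_PAIR = re.compile(r"\\([0-9A-Fa-f]{2})")
_SPECIAL = set(',+"\\<>;')


def _split_unescaped(s, seps):
    """Split s on any char in seps, ignoring separators that are escaped or inside quotes."""
    parts, buf, i, quoted = [], [], 0, False
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):      # keep escape pairs intact for _unescape
            buf.append(s[i:i + 2])
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        if c in seps and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    parts.append("".join(buf))
    return parts


def _unescape(raw):
    """Decode one value: surrounding quotes, backslash escapes, \\XX hex pairs (UTF-8 bytes), #hex BER."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        raw = raw[1:-1]
    if raw.startswith("#"):
        return bytes.fromhex(raw[1:])         # BER-encoded value; kept opaque as bytes
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            m = _HEX_PAIR.match(raw, i)
            if m:
                out.append(int(m.group(1), 16))
                i += 3
            else:
                out.extend(raw[i + 1].encode("utf-8"))
                i += 2
        else:
            out.extend(raw[i].encode("utf-8"))
            i += 1
    return out.decode("utf-8", errors="surrogateescape")


def parse_dn(s):
    """DN as a tuple of RDNs (most specific first); each RDN is a frozenset of (TYPE, value)."""
    s = s.strip()
    if not s:
        return ()
    rdns = []
    for rdn in _split_unescaped(s, {",", ";"}):   # ';' is the legacy separator RFC 2253 tolerates
        avas = []
        for ava in _split_unescaped(rdn, {"+"}):
            if "=" not in ava:
                raise ValueError(f"malformed AttributeTypeAndValue: {ava!r}")
            t, v = ava.split("=", 1)
            t = t.strip().upper()
            avas.append((TYPE_ALIASES.get(t, t), _unescape(v)))
        rdns.append(frozenset(avas))
    return tuple(rdns)


def _match_value(t, v):
    """Approximation of caseIgnoreMatch: collapse whitespace and ignore case."""
    if isinstance(v, bytes) or t not in CASE_IGNORE_TYPES:
        return v
    return " ".join(v.split()).casefold()


def dn_equal(a, b):
    """True if two serialized DNs denote the same name; RDN order is significant."""
    norm = lambda dn: tuple(frozenset((t, _match_value(t, v)) for t, v in rdn) for rdn in dn)
    return norm(parse_dn(a)) == norm(parse_dn(b))


def _escape(v):
    if isinstance(v, bytes):
        return "#" + v.hex()
    out = []
    for i, c in enumerate(v):
        needs = c in _SPECIAL or (c == "#" and i == 0) or (c == " " and i in (0, len(v) - 1))
        out.append("\\" + c if needs else c)
    return "".join(out)


def serialize(dn):
    """One fixed serialization: upper-case short types, '+' members sorted, ',' between RDNs, no spaces."""
    return ",".join(
        "+".join(f"{t}={_escape(v)}" for t, v in sorted(rdn, key=lambda p: (p[0], str(p[1]))))
        for rdn in dn)


if __name__ == "__main__":
    # Constructed inputs: one subject as OpenSSL's RFC2253 nameopt prints it, and a
    # hand-typed variant with different spacing, type case and quoting.
    a = "CN=Jane Doe,OU=Staff,O=Example\\, Inc.,C=US"
    b = 'cn = jane doe , ou=Staff, o="Example, Inc.", c=US'
    print(dn_equal(a, b), serialize(parse_dn(b)))
```

Values introduced with '#' (BER-encoded, RFC 2253 section 2.4) are compared byte for byte rather than decoded, and the case-insensitive matching is a simplification of the RFC 4518 string preparation a real LDAP matching rule applies; both are deliberate limits of the example rather than a recommendation.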
History
#1 Updated by Matthew Jones over 12 years ago
There are several encoding variants even within some of these serialization standards, and differences among libraries. Ben evaluated these and made a serialization decision, which has been encoded in the DN comparison functions in the identity manager, so MNs and other code should follow that decision for consistency. Ben should be able to clarify what he used as a standard.
#2 Updated by Skye Roseboom over 9 years ago
- Status changed from New to Closed
- Remaining hours set to 0.0