
Hi all,

I submitted a request to some people doing security development, and it turns out that the forward slash notation is only openssl notation. I am googling here and there but the forward slash notation does not seem to exist in any RFC. I really wonder why openssl guys went that way, then...

I asked for an openssl reference document. Maybe we can find more pointers there.

Well, this is kinda embarrassing now, me myself I never went through the RFC to actually check it was as defined on page 71 of GFD147 (*blush*)

Cheers,
Florido

On 2013-01-31 11:13, Maarten Litmaath wrote:
Hi all,
Paul Millar raised an issue about DNs. The schema has two attributes, IssuerCA and TrustedCA, with type DN_t, defined as:
"Distinguished Name as defined by RFC 4514 (http://www.rfc-editor.org/rfc/rfc4514.txt). X.509 uses a X.500 namespace, represented as several Relative Domain-Names (RDNs) concatenated by forward-slashes. The final RDN is usually a single common name (CN), although multiple CNs are allowed."
What I expect is the usual globus/openssl-style format like
/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B
and that is indeed what's being published in EGI. The text of the definition above agrees with that. However, RFC 4514 is in fact the definition of LDAP DNs, which of course look like
GLUE2DomainID=UKI-SOUTHGRID-BHAM-HEP,GLUE2GroupID=grid,o=glue
i.e. comma-delimited and in the reverse order. The reference to RFC 4514 looks like a mistake to me - any thoughts?
A mistake indeed. What would be the correct RFC?

_______________________________________________
glue-wg mailing list
glue-wg@ogf.org
https://www.ogf.org/mailman/listinfo/glue-wg
-- Florido Paganelli Lund University - Particle Physics ARC Middleware EMI Project
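
Added example, not part of the original thread: a converter from the slash-delimited form discussed above to the RFC 4514 string form (comma-delimited, reverse order, with RFC 4514 value escaping), which is the step a consumer needs before comparing DNs published in the two notations. The function names, the RDN-splitting heuristic and the handling of single-valued RDNs only are assumptions of this sketch.

```python
import re

# Characters RFC 4514 requires to be backslash-escaped inside a value.
SPECIALS = '"+,;<>\\'

def split_oneline(dn):
    """Split a slash-delimited DN into (type, value) pairs, in printed order."""
    if not dn.startswith("/"):
        raise ValueError("not a slash-delimited DN: %r" % dn)
    # Assumption: an RDN begins only at '/' followed by 'type='. The slash
    # form has no escaping, so this is a heuristic; a '/' inside a value
    # (CN=host/name) is kept as part of that value.
    parts = re.split(r"/(?=[A-Za-z0-9][A-Za-z0-9.-]*=)", dn[1:])
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr:
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr, value))
    return rdns

def escape_value(value):
    """Escape an attribute value for the RFC 4514 string form."""
    body = "".join("\\" + c if c in SPECIALS else c for c in value)
    if value[:1] in (" ", "#"):              # leading space or '#'
        body = "\\" + body
    if len(value) > 1 and value.endswith(" "):  # trailing space
        body = body[:-1] + "\\ "
    return body

def oneline_to_rfc4514(dn):
    """Reverse the RDN order and join with commas, escaping each value."""
    rdns = split_oneline(dn)
    return ",".join("%s=%s" % (a, escape_value(v)) for a, v in reversed(rdns))

if __name__ == "__main__":
    # First DN is the one quoted in the thread; the second is constructed.
    for sample in ("/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B",
                   "/O=Example, Inc./CN=host/grid.example.org"):
        print(sample, "->", oneline_to_rfc4514(sample))
```

Because the slash form carries no escaping, a value that itself contains `/type=` cannot be told apart from a new RDN, so a conversion like this is best applied to DNs from a known source.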