
Hi all,

On 01/31/2013 05:55 PM, stephen.burke@stfc.ac.uk wrote:
JP Navarro [mailto:navarro@mcs.anl.gov] said:
It would appear there is no RFC. We have a choice to make on whether to change GLUE 2 to be compliant with an RFC, or keep things the way they are to be compatible with an old de-facto standard. Both options have impacts of different sorts.
With our current middleware I think it doesn't make sense to use anything other than the openssl format in GLUE, it would mean having format converters in both directions which would be highly error-prone, there are lots of subtleties. You could argue that the entire middleware should change, but I think that would be about as likely as the UK changing to driving on the right!
Actually, I disagree.

GLUE-2 is a standard, or is meant to be one. If it says "use this format" then that format must be defined in precise language, or we point to where it is defined.

Yet here we have a problem. The OpenSSL/Globus format simply isn't defined. There are some incomplete, partial definitions out there. It is ambiguous, with the potential for different software resolving these ambiguities in different ways. The format isn't even constant, but has evolved over the lifetime of the OpenSSL library.

... and you want to base a standard on this?

OK, so you do. Since there's no document, we would need to write down precisely what we mean by OpenSSL-DNs, for example as Appendix C in the document.

Next we would try to insist that all software adopts our definition of a (ASCII? UTF-8?) DN representation. My bet is on the software ignoring Appendix C in favour of what the OpenSSL library happens to do (this release of the library, anyway), what Globus libraries do, what CANL does, what ...

... yup, so this also doesn't work.

So, what can we do? Adopt a standardised format, say, one published as an RFC.

Yes, this means that publishing DNs will be a bit of a pain, but probably not *that* much of a pain, since libraries exist for representing DNs in standard formats. (That's why standards are good! ;-)

That we've been doing it wrong for a long time doesn't mean it becomes right; and GLUE 2 is an excellent opportunity to fix such mistakes.

As usual, just my 2c worth,

Paul.
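
The ambiguity discussed in this message, as an added example that is not part of the original e-mail or of any GLUE/OpenSSL code: two different DNs serialise to the same slash-separated string, while an RFC-defined string form keeps them apart. RFC 4514 is assumed as the RFC format (the thread does not name one), DNs are simplified to single-valued RDNs, and all DN values and function names are constructed for illustration.

```python
# Added illustration; every DN below is a constructed sample value.
# A DN is modelled as an ordered list of single-valued RDNs: (attribute type, value).

def openssl_oneline(dn):
    """Slash-separated legacy form: '/' separates RDNs but is also a legal
    value character, and it is written out unescaped."""
    return "".join(f"/{t}={v}" for t, v in dn)

def _escape_4514(value):
    """Escape an attribute value following RFC 4514 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def rfc4514(dn):
    """Comma-separated form, most specific RDN first, separators escaped."""
    return ",".join(f"{t}={_escape_4514(v)}" for t, v in reversed(dn))

def naive_split(oneline):
    """One way software might read the slash form back: split on every '/'."""
    return [tuple(part.split("=", 1)) for part in oneline.split("/")[1:]]

# Two distinct names: two RDNs versus one RDN whose value contains "/CN=".
DN_A = [("O", "Example"), ("CN", "admin")]
DN_B = [("O", "Example/CN=admin")]
# A value with a slash in it, in the style of grid host certificates.
DN_HOST = [("O", "Grid"), ("CN", "host/node.example.org")]

if __name__ == "__main__":
    for name, dn in (("A", DN_A), ("B", DN_B), ("HOST", DN_HOST)):
        line = openssl_oneline(dn)
        print(name, "| slash form:", line, "| RFC 4514:", rfc4514(dn))
        print("   naive re-parse of slash form:", naive_split(line))
```

Any access-control list or information-system record that compares the slash form as a string treats `DN_A` and `DN_B` as the same subject; comparing the escaped form does not.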