[glue-wg] DN format anomaly

stephen.burke at stfc.ac.uk
Wed Jan 30 19:20:58 EST 2013


Hi all,

Paul Millar raised an issue about DNs. The schema has two attributes, IssuerCA and TrustedCA, with type DN_t, defined as:

"Distinguished Name as defined by RFC 4514 (http://www.rfc-editor.org/rfc/rfc4514.txt). X.509 uses a X.500 namespace, represented as several Relative Domain-Names (RDNs) concatenated by forward-slashes. The final RDN is usually a single common name (CN), although multiple CNs are allowed."

What I expect is the usual globus/openssl-style format like

/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B

and that is indeed what's being published in EGI. The text of the definition above agrees with that. However, RFC 4514 is in fact the definition of LDAP DNs, which of course look like

GLUE2DomainID=UKI-SOUTHGRID-BHAM-HEP,GLUE2GroupID=grid,o=glue

i.e. comma-delimited and in the reverse order. The reference to RFC 4514 looks like a mistake to me - any thoughts?

Stephen
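
The two string forms contrasted in the message above, as an added Python example (not part of the original message or of the GLUE schema): it classifies a published DN string and converts between the slash-delimited form and the RFC 4514 form, reversing the RDN order and applying RFC 4514 backslash escaping. The function names are hypothetical; the slash parser assumes an RDN begins at a "/" followed by "type=", and hex-pair escapes are rejected rather than decoded.

```python
import re

# Characters RFC 4514 requires to be backslash-escaped anywhere in a value.
_SPECIAL = '"+,;<>\\'
# Assumption: in slash form an RDN starts at a "/" that is followed by "type=".
_SLASH_RDN = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.-]*=)")

def detect_dn_format(dn):
    """Classify a published DN string as 'slash', 'rfc4514' or 'unknown'."""
    if _SLASH_RDN.match(dn):
        return "slash"
    if re.match(r"[A-Za-z][A-Za-z0-9.-]*=", dn):
        return "rfc4514"
    return "unknown"

def _escape(value):
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        # Also escape a leading '#' or space and a trailing space.
        if c in _SPECIAL or (i == 0 and c in "# ") or (i == last and c == " "):
            out.append("\\")
        out.append(c)
    return "".join(out)

def _unescape(match):
    if len(match.group(1)) == 2:
        raise ValueError("hex-pair escapes are not handled in this example")
    return match.group(1)

def slash_to_rfc4514(dn):
    """/C=UK/O=x/CN=y -> CN=y,O=x,C=UK (order reversed, values escaped)."""
    if detect_dn_format(dn) != "slash":
        raise ValueError("not a slash-delimited DN: %r" % dn)
    pairs = [p.split("=", 1) for p in _SLASH_RDN.split(dn)[1:]]
    return ",".join(a + "=" + _escape(v) for a, v in reversed(pairs))

def rfc4514_to_slash(dn):
    """CN=y,O=x,C=UK -> /C=UK/O=x/CN=y (multi-valued RDNs are kept as one RDN)."""
    if detect_dn_format(dn) != "rfc4514":
        raise ValueError("not an RFC 4514 DN string: %r" % dn)
    rdns = re.findall(r"(?:\\.|[^\\,])+", dn)  # split on unescaped commas only
    plain = [re.sub(r"\\([0-9A-Fa-f]{2}|.)", _unescape, r) for r in rdns]
    return "".join("/" + r for r in reversed(plain))

if __name__ == "__main__":
    # The two DNs quoted in the message above.
    print(slash_to_rfc4514("/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B"))
    print(rfc4514_to_slash("GLUE2DomainID=UKI-SOUTHGRID-BHAM-HEP,GLUE2GroupID=grid,o=glue"))
```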
