[glue-wg] DN format anomaly

Maarten Litmaath Maarten.Litmaath at cern.ch
Thu Jan 31 05:13:44 EST 2013


Hi all,

> Paul Millar raised an issue about DNs. The schema has two attributes, IssuerCA and TrustedCA, with type DN_t, defined as:
>
> "Distinguished Name as defined by RFC 4514 (http://www.rfc-editor.org/rfc/rfc4514.txt). X.509 uses a X.500 namespace, represented as several Relative Domain-Names (RDNs) concatenated by forward-slashes. The final RDN is usually a single common name (CN), although multiple CNs are allowed."
>
> What I expect is the usual globus/openssl-style format like
>
> /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B
>
> and that is indeed what's being published in EGI. The text of the definition above agrees with that. However, RFC 4514 is in fact the definition of LDAP DNs, which of course look like
>
> GLUE2DomainID=UKI-SOUTHGRID-BHAM-HEP,GLUE2GroupID=grid,o=glue
>
> i.e. comma-delimited and in the reverse order. The reference to RFC 4514 looks like a mistake to me - any thoughts?

A mistake indeed.  What would be the correct RFC?
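
The two notations discussed in this thread, shown as an added example that is not part of the original messages: a Python sketch converting the globus/openssl-style slash form into the RFC 4514 string form (reversed RDN order, comma-delimited, special characters escaped). The function names and all sample DNs except the UK e-Science one are constructed for illustration, and a "+" is treated as part of the value rather than as a multi-valued RDN separator.

```python
import re

# Characters RFC 4514 section 2.4 requires to be backslash-escaped in a value.
_SPECIAL = '"+,;<>\\'
# Heuristic: a "/" starts a new RDN only when followed by "type=", so values
# such as "CN=host/node.example.org" stay in one piece (the slash form itself
# is ambiguous here).
_RDN_START = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.-]*=)")


def escape_value(value):
    """Escape one attribute value for the RFC 4514 string form."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def slash_to_rfc4514(dn):
    """Convert '/C=UK/O=.../CN=...' into 'CN=...,O=...,C=UK'."""
    parts = _RDN_START.split(dn)
    if parts[0] != "":
        raise ValueError("not a slash-delimited DN: %r" % dn)
    rdns = []
    for part in parts[1:]:
        attr, _, value = part.partition("=")
        rdns.append(attr + "=" + escape_value(value))
    # RFC 4514 lists the most specific RDN first; the slash form lists it last.
    return ",".join(reversed(rdns))


if __name__ == "__main__":
    samples = [
        "/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B",  # from the thread
        "/DC=org/DC=example/CN=host/node.example.org",            # constructed
        "/O=Example, Inc./CN=#1 CA ",                             # constructed
    ]
    for s in samples:
        print(s, "->", slash_to_rfc4514(s))
```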

