[glue-wg] DN format anomaly

Florido Paganelli florido.paganelli at hep.lu.se
Thu Jan 31 05:53:18 EST 2013


Hi all,

I submitted a request to some people doing security development, and it 
turns out that the forward slash notation is only openssl notation.

I am googling here and there but the forward slash notation does not 
seem to exist in any RFC.

I really wonder why openssl guys went that way, then...

I asked for an openssl reference document. Maybe we can find more 
pointers there. Well, this is kinda embarrassing now, me myself I never 
went through the RFC to actually check it was as defined on page 71 of 
GFD147 (*blush*)

Cheers,
Florido

On 2013-01-31 11:13, Maarten Litmaath wrote:
> Hi all,
>
>> Paul Millar raised an issue about DNs. The schema has two attributes,
>> IssuerCA and TrustedCA, with type DN_t, defined as:
>>
>> "Distinguished Name as defined by RFC 4514
>> (http://www.rfc-editor.org/rfc/rfc4514.txt). X.509 uses a X.500
>> namespace, represented as several Relative Domain-Names (RDNs)
>> concatenated by forward-slashes. The final RDN is usually a single
>> common name (CN), although multiple CNs are allowed."
>>
>> What I expect is the usual globus/openssl-style format like
>>
>> /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B
>>
>> and that is indeed what's being published in EGI. The text of the
>> definition above agrees with that. However, RFC 4514 is in fact the
>> definition of LDAP DNs, which of course look like
>>
>> GLUE2DomainID=UKI-SOUTHGRID-BHAM-HEP,GLUE2GroupID=grid,o=glue
>>
>> i.e. comma-delimited and in the reverse order. The reference to RFC
>> 4514 looks like a mistake to me - any thoughts?
>
> A mistake indeed.  What would be the correct RFC?


-- 
Florido Paganelli
Lund University - Particle Physics
ARC Middleware
EMI Project
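
The two notations contrasted in this thread, as an added example that is not part of the original messages: Python code converting the slash-delimited OpenSSL/Globus form into an RFC 4514 string (reversed RDN order, comma-delimited, special characters escaped). The function names, the rule that "/" starts a new RDN only when followed by "type=", and the sample DNs marked as constructed are assumptions; multi-valued RDNs are not handled.

```python
import re

# Assumption: "/" starts a new RDN only when followed by "<type>=", where
# <type> is a short name or dotted OID. The slash form has no escaping, so
# a value that itself contains "/<type>=" cannot be told apart.
_RDN_START = re.compile(r"/(?=(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)=)")

def split_oneline(dn):
    """Split '/type=value/type=value' into (type, value) pairs, in order."""
    parts = _RDN_START.split(dn)
    if len(parts) < 2 or parts[0] != "":
        raise ValueError("not a slash-delimited DN: %r" % (dn,))
    return [tuple(p.split("=", 1)) for p in parts[1:]]

def escape_rfc4514(value):
    """Escape an attribute value per RFC 4514 section 2.4."""
    body = re.sub(r'([,+"\\<>;])', r"\\\1", value).replace("\x00", "\\00")
    if value[:1] in ("#", " "):
        body = "\\" + body          # leading '#' or space
    if len(value) > 1 and value.endswith(" "):
        body = body[:-1] + "\\ "    # trailing space
    return body

def oneline_to_rfc4514(dn):
    """Convert slash form to RFC 4514: reverse RDN order, join with commas.
    Type names are passed through unchanged; single-valued RDNs only."""
    pairs = split_oneline(dn)
    return ",".join("%s=%s" % (t, escape_rfc4514(v)) for t, v in reversed(pairs))

if __name__ == "__main__":
    samples = [
        "/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B",  # from the thread
        "/DC=org/DC=example/CN=host/www.example.org",             # constructed
        "/C=SE/O=Example, Inc./CN=Test User",                     # constructed
    ]
    for s in samples:
        print(s, "->", oneline_to_rfc4514(s))
```

The second sample shows why splitting on every "/" is unsafe when DNs are matched for authorization: a host-style CN keeps its embedded slash only because the splitter requires "type=" after the delimiter.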

