[glue-wg] DN format anomaly
Florido Paganelli
florido.paganelli at hep.lu.se
Thu Jan 31 12:24:35 EST 2013
Hi all,
On 2013-01-31 17:55, stephen.burke at stfc.ac.uk wrote:
> JP Navarro [mailto:navarro at mcs.anl.gov] said:
>> It would appear there is no RFC. We have a choice to make on whether to
>> change GLUE 2 to be compliant with an RFC, or keep things the way they are
>> to be compatible with an old de-facto standard. Both option have impacts of
>> different sorts.
>
> With our current middleware I think it doesn't make sense to use anything other than the openssl format in GLUE, it would mean having format converters in both directions which would be highly error-prone, there are lots of subtleties. You could argue that the entire middleware should change, but I think that would be about as likely as the UK changing to driving on the right!
>
> Stephen
>
I think the same as Stephen. And to be practical, these fields are only
used by middlewares to check against certificates DN written in the same
format. I think for an extension we can imagine something smarter, but
for the moment we should leave it like that. It's just then difficult to
formally define the content of that field now.... also because of the
reverse order that ldap dn impose :P
Cheers,
--
Florido Paganelli
Lund University - Particle Physics
ARC Middleware
EMI Project
More information about the glue-wg
mailing list