PKITS Question

Subject: PKITS Question
From: "Seth Hitchings" <shitchings@corestreet.com>
Date: Mon, 13 Jun 2005 15:40:29 -0400
Content-class: urn:content-classes:message
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_026F_01C5702E.3AA69790"
Thread-Index: AcVwT8GzcpgfFgIDQTqaponw9E5X2g==
Thread-Topic: PKITS Question

Hi all,

I'm running PKITS 4.3.11, "Valid UTF8String Case Insensitive Match Test11", and I'm
wondering why the test expects path validation software to ignore case and whitespace in
UTF8String encoded names.

Section 4.1.2.4 of RFC 3280 seems to contradict this expectation:

   Conforming implementations are REQUIRED to implement the following
   name comparison rules:

      (a)  attribute values encoded in different types (e.g.,
      PrintableString and BMPString) MAY be assumed to represent
      different strings;

      (b) attribute values in types other than PrintableString are case
      sensitive (this permits matching of attribute values as binary
      objects);

      (c)  attribute values in PrintableString are not case sensitive
      (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and

      (d)  attribute values in PrintableString are compared after
      removing leading and trailing white space and converting internal
      substrings of one or more consecutive white space characters to a
      single space.

Since (b) above explicitly requires that UTF8Strings be compared in a case-sensitive
manner, I don't see how path validation software that conforms to RFC 3280 could pass test
4.3.11.

Thanks,

Seth Hitchings
CoreStreet, Ltd.

smime.p7s

Follow-Ups:
- Re: PKITS Question
  - From: "David A. Cooper" <david.cooper@nist.gov>

Prev by Date: Corrected path discovery test suite data posted
Next by Date: Re: PKITS Question
Prev by thread: Re: X509 Path Discovery Test 4.1.1.10
Next by thread: Re: PKITS Question

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov