SPKM3 Issues
Names in SPKM3
One of the main issues the SPKM3 draft needs to address is naming. An X.500 distinguished name has no predefined canonical form. RFC 2253 defines a string representation of an X.500 distinguished name, but that representation is not canonical: it imposes no ordering on multi-valued RDNs, and it does not take care of whitespace. In the SPKM3 draft, we take care of such issues. However, it is still not possible to have printable canonical names. Some implementations may lack an OID-to-string translation for an attribute present in an X.500 distinguished name. In such a case, RFC 2253 proposes to use the hex value of the OID (for more details see RFC 2253). However, DER-encoded RFC 2253 gets us closer to a canonical binary representation of an X.500 distinguished name.
-- Issue: case sensitivity. Each RDN's AttributeValueAssertion (AVA) can define its own matching rules. For instance, it can state that values of this attribute are case insensitive. Can we just declare that values are always case insensitive?
RFC 2743 defines three name classes: an internal name (a special case being a mechanism name), a contiguous ("flat") name, and an exported name (canonicalized name). For SPKM3, the contiguous name is an RFC 2253 string representation of the DN order
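The naming problems above, as an added Python example that is not taken from the SPKM3 draft or any implementation: it normalizes RFC 2253 strings under an assumed policy (AVAs of a multi-valued RDN sorted, whitespace collapsed, everything case insensitive) and shows that a name emitted with a dotted OID still does not compare equal. The function names, the policy and the sample names are all assumptions made for illustration.

```python
import re

def split_unescaped(s, sep):
    """Split on sep, treating backslash + next char as an escaped pair."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    parts.append(cur)
    return parts

def normalize_ava(ava):
    attr_type, _, value = ava.partition("=")
    # Assumed policy: case-insensitive types and values, whitespace collapsed.
    # Limitation: quoted values and escaped leading/trailing spaces not handled.
    value = re.sub(r"\s+", " ", value.strip()).lower()
    return attr_type.strip().lower() + "=" + value

def normalize_dn(dn):
    """Comparison form of an RFC 2253 string under the assumed policy."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        # Multi-valued RDN: RFC 2253 fixes no AVA order, so sort them.
        avas = sorted(normalize_ava(a) for a in split_unescaped(rdn, "+"))
        rdns.append("+".join(avas))
    return ",".join(rdns)  # RDN order is significant and is preserved

# Constructed sample names (not from the SPKM3 draft).
A = "CN=Alice Smith + OU=Research, O=Example Corp,C=US"
B = "ou=research+cn=alice  smith,o=example corp , c=us"
# Same name as "CN=alice", from an implementation without an OID-to-string table.
C = "2.5.4.3=#0c05616c696365"

if __name__ == "__main__":
    print(normalize_dn(A))
    print(normalize_dn(A) == normalize_dn(B))           # equal after normalization
    print(normalize_dn(C) == normalize_dn("CN=alice"))  # still differ as strings
```

Comparing the DER encoding of the name avoids the last mismatch, because the attribute type is then always the OID itself.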