Re: email vs. emailAddress (was Re: wrong defines SN_xyz)
> I think that it is not a good idea to go back to the old definition.

You're right; I wasn't thinking clearly yesterday :-)

--
Harald Koch [EMAIL PROTECTED]

It takes a child to raze a village. -Michael T. Fry
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
email vs. emailAddress (was Re: wrong defines SN_xyz)
On Tue, Apr 02, 2002 at 09:25:00AM +0200, Michael Bell wrote:
> after I found the wrong definitions of SN_surname and SN_serialNumber I looked around and find the next problems in crypto/objects/ :
>
> SN_title               title                 (now T)
> SN_description         description           (now D)
> SN_givenName           gn                    (now G)
> SN_initials            initials              (now I)
> LN_uniqueIdentifier    x500UniqueIdentifier  (now uniqueIdentifier)
> SN_rfc822Mailbox       mail                  (now rfc822Mailbox)
> SN_pkcs9_emailAddress  emailAddress          (now Email)
>
> * SN_rfc822Mailbox is not wrong but a short name exists
> * I don't find a short name for SN_pkcs9_emailAddress. The related RFC only defines a long name

I know this patch was old, but I only just tripped over a problem with it; the Microsoft CA still puts email addresses into DNs if you're not careful.

Several software packages out there still *use* the short name email in DNs, making it challenging to compare DNs produced by other code with DNs produced by OpenSSL.

Is it too late to put the short-form back?

--
Harald Koch [EMAIL PROTECTED]

It takes a child to raze a village. -Michael T. Fry
Re: email vs. emailAddress (was Re: wrong defines SN_xyz)
Harald Koch wrote:
> On Tue, Apr 02, 2002 at 09:25:00AM +0200, Michael Bell wrote:
> > after I found the wrong definitions of SN_surname and SN_serialNumber I looked around and find the next problems in crypto/objects/ :
> >
> > SN_title               title                 (now T)
> > SN_description         description           (now D)
> > SN_givenName           gn                    (now G)
> > SN_initials            initials              (now I)
> > LN_uniqueIdentifier    x500UniqueIdentifier  (now uniqueIdentifier)
> > SN_rfc822Mailbox       mail                  (now rfc822Mailbox)
> > SN_pkcs9_emailAddress  emailAddress          (now Email)
> >
> > * SN_rfc822Mailbox is not wrong but a short name exists
> > * I don't find a short name for SN_pkcs9_emailAddress. The related RFC only defines a long name
>
> I know this patch was old, but I only just tripped over a problem with it; the Microsoft CA still puts email addresses into DNs if you're not careful.

This is not a problem because the OIDs are in the cert and not the name.

> Several software packages out there still *use* the short name email in DNs, making it challenging to compare DNs produced by other code with DNs produced by OpenSSL.

Which packages and why is it a problem to replace the correct emailAddress by email in a string if you have some non-compliant software? The problem is that LDAP servers use standardized schemas so email in the DN is a compatibility-break to the standards. It would mean that OpenSSL ignores a standard to be more compliant with applications which are not standard conform.

> Is it too late to put the short-form back?

I think that it is not a good idea to go back to the old definition.

Best regards,
Michael
--
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
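The point made in the reply above, that the OID and not the printed label identifies the attribute, as an added example (not code from the thread or from OpenSSL): it resolves the old and new labels discussed here to their OIDs before comparing two printed DNs. The sample DNs, the function names and the simplified `/type=value` parsing are assumptions of this sketch.

```python
import re

# Labels discussed in the thread (old short name, new short name, long name),
# keyed in lower case as an assumption of this sketch, mapped to their OIDs.
LABEL_TO_OID = {
    "email": "1.2.840.113549.1.9.1",         # pkcs9 1, old short name
    "emailaddress": "1.2.840.113549.1.9.1",  # pkcs9 1, long name
    "mail": "0.9.2342.19200300.100.1.3",     # pilotAttributeType 3, short name
    "rfc822mailbox": "0.9.2342.19200300.100.1.3",
    "t": "2.5.4.12", "title": "2.5.4.12",
    "d": "2.5.4.13", "description": "2.5.4.13",
    "g": "2.5.4.42", "gn": "2.5.4.42", "givenname": "2.5.4.42",
    "i": "2.5.4.43", "initials": "2.5.4.43",
    "c": "2.5.4.6", "o": "2.5.4.10", "ou": "2.5.4.11", "cn": "2.5.4.3",
}

def parse_oneline(dn):
    """Turn a '/type=value/...' DN string into a tuple of (oid, value) pairs."""
    rdns = []
    for part in re.split(r"(?<!\\)/", dn.strip()):   # split on unescaped '/'
        if not part:
            continue
        label, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        key = label.strip()
        if re.fullmatch(r"\d+(\.\d+)+", key):        # already a dotted OID
            oid = key
        else:
            oid = LABEL_TO_OID.get(key.lower())
            if oid is None:                          # fail closed on unknown labels
                raise ValueError(f"unknown attribute label: {label!r}")
        rdns.append((oid, value.replace("\\/", "/")))
    return tuple(rdns)

def same_dn(a, b):
    """Compare two printed DNs by attribute OID and exact value, in order."""
    return parse_oneline(a) == parse_oneline(b)

# Constructed sample DNs: the same subject printed with the old short name,
# with the long name, and with the unrelated pilot attribute 'mail'.
OLD = "/C=DE/O=Example Org/CN=Alice/Email=alice@example.org"
NEW = "/C=DE/O=Example Org/CN=Alice/emailAddress=alice@example.org"
PILOT = "/C=DE/O=Example Org/CN=Alice/mail=alice@example.org"

if __name__ == "__main__":
    print(OLD == NEW, same_dn(OLD, NEW), same_dn(NEW, PILOT))
```

Values are compared byte for byte here; real X.500 matching rules (case folding, whitespace handling) are outside the scope of the sketch.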
Re: wrong defines SN_xyz
Lutz Jaenicke wrote:
> On Tue, Apr 02, 2002 at 10:07:27PM +0200, Lutz Jaenicke wrote:
> > On Tue, Apr 02, 2002 at 09:25:00AM +0200, Michael Bell wrote:
> > > after I found the wrong definitions of SN_surname and SN_serialNumber I looked around and find the next problems in crypto/objects/ :
> > >
> > > SN_title               title                 (now T)
> > > SN_description         description           (now D)
> > > SN_givenName           gn                    (now G)
> > > SN_initials            initials              (now I)
> > > LN_uniqueIdentifier    x500UniqueIdentifier  (now uniqueIdentifier)
> > > SN_rfc822Mailbox       mail                  (now rfc822Mailbox)
> > > SN_pkcs9_emailAddress  emailAddress          (now Email)
> > >
> > > * SN_rfc822Mailbox is not wrong but a short name exists
> > > * I don't find a short name for SN_pkcs9_emailAddress. The related RFC only defines a long name
>
> Hmm... I have implemented the changes you recommend, but now I get a warning about a shortname mail to be defined twice. Maybe this was the reason why it was left out... I have attached the patch (including the problem). What do you recommend?
>
> Only objects.txt contains all necessary information; run the PERL scripts as used in Makefile.ssl to rebuild the other files.

You only want to attach the patch :)

The problem is that openssl does some magic things.

mail -- internet 7 -- iana 7 -- dod 1 7 -- org 6 1 7 -- iso 3 6 1 7 -- 1.3.6.1.7

So let's start searching for this attribute but it is not an attribute. It is a whole subtree (http://www.alvestrand.no/objectid/1.3.6.1.7.html). Nevertheless the subtree is not part of objects.txt or any other file of OpenSSL so it is not a problem to change the name because mail or Mail was never used as a reference. So we can change the name of internet 7 without any problems. I would like a name like internt_mail or internetMail. What do you think?

Best Regards,
Michael
--
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
Re: wrong defines SN_xyz
On Wed, Apr 10, 2002 at 12:36:33PM +0200, Michael Bell wrote:
> Lutz Jaenicke wrote:
> > On Tue, Apr 02, 2002 at 10:07:27PM +0200, Lutz Jaenicke wrote:
> > > On Tue, Apr 02, 2002 at 09:25:00AM +0200, Michael Bell wrote:
> > > > after I found the wrong definitions of SN_surname and SN_serialNumber I looked around and find the next problems in crypto/objects/ :
> > > >
> > > > SN_title               title                 (now T)
> > > > SN_description         description           (now D)
> > > > SN_givenName           gn                    (now G)
> > > > SN_initials            initials              (now I)
> > > > LN_uniqueIdentifier    x500UniqueIdentifier  (now uniqueIdentifier)
> > > > SN_rfc822Mailbox       mail                  (now rfc822Mailbox)
> > > > SN_pkcs9_emailAddress  emailAddress          (now Email)
> > > >
> > > > * SN_rfc822Mailbox is not wrong but a short name exists
> > > > * I don't find a short name for SN_pkcs9_emailAddress. The related RFC only defines a long name
> >
> > Hmm... I have implemented the changes you recommend, but now I get a warning about a shortname mail to be defined twice. Maybe this was the reason why it was left out... I have attached the patch (including the problem). What do you recommend?
> >
> > Only objects.txt contains all necessary information; run the PERL scripts as used in Makefile.ssl to rebuild the other files.
>
> You only want to attach the patch :)

Haha, if I would have to pay a fee every time I forget to press the a button... (In fact, that is a problem of the mutt user interface, you cannot press a once you think of the attachment but you have to remember when you finished editing...)

> The problem is that openssl does some magic things.
>
> mail -- internet 7 -- iana 7 -- dod 1 7 -- org 6 1 7 -- iso 3 6 1 7 -- 1.3.6.1.7
>
> So let's start searching for this attribute but it is not an attribute. It is a whole subtree (http://www.alvestrand.no/objectid/1.3.6.1.7.html). Nevertheless the subtree is not part of objects.txt or any other file of OpenSSL so it is not a problem to change the name because mail or Mail was never used as a reference. So we can change the name of internet 7 without any problems. I would like a name like internt_mail or internetMail. What do you think?
Doesn't sound bad. I would say internetMail would fit better into the usual naming scheme...

Best regards,
Lutz

PS. Yesterday's attachment attached :-)
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus

Index: objects.txt === RCS file: /e/openssl/cvs/openssl/crypto/objects/objects.txt,v retrieving revision 1.20.2.3 diff -u -r1.20.2.3 objects.txt --- objects.txt 2002/04/04 17:49:39 1.20.2.3 +++ objects.txt 2002/04/09 19:51:14 @@ -96,7 +96,7 @@ pkcs 9 : pkcs9 !module pkcs9 -pkcs9 1: Email : emailAddress +pkcs9 1: : emailAddress pkcs9 2: : unstructuredName pkcs9 3: : contentType pkcs9 4: : messageDigest @@ -534,12 +534,12 @@ X509 8 : ST: stateOrProvinceName X509 10: O : organizationName X509 11: OU: organizationalUnitName -X509 12: T : title -X509 13: D : description +X509 12: : title +X509 13: : description X509 41: name : name -X509 42: G : givenName -X509 43: I : initials -X509 45: : uniqueIdentifier +X509 42: gn: givenName +X509 43: : initials +X509 45: : x500UniqueIdentifier X509 46: dnQualifier : dnQualifier X509 72: role : role @@ -703,7 +703,7 @@ pilotObjectClass 22: : qualityLabelledData pilotAttributeType 1 : UID : userId pilotAttributeType 2 : : textEncodedORAddress -pilotAttributeType 3 : : rfc822Mailbox +pilotAttributeType 3 : mail : rfc822Mailbox pilotAttributeType 4 : info pilotAttributeType 5 : : favouriteDrink pilotAttributeType 6 : : roomNumber
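Review bot: At `pkcs9 1` in the first hunk (@@ -96,7) the short name `Email` is dropped with no replacement, so anything that matches on the printed `Email` label in a DN stops matching once the attribute is shown as `emailAddress`. This is a visible behaviour change and should get a change-log entry naming the old and the new label, with a pointer that comparisons belong on the OID and not on the printed name.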
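Review bot: The `X509 45` line in the second hunk (@@ -534,12) changes the long name from `uniqueIdentifier` to `x500UniqueIdentifier`, which is a different kind of change from the short-name edits around it (`T`, `D`, `G`, `I`), and none of the dropped or renamed labels is documented anywhere in the patch. List each old and new label in the change log, and check that `gn` at `X509 42` does not duplicate an existing short name, given the duplicate warning already reported for `mail`.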
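Review bot: Adding `mail` as the short name at `pilotAttributeType 3` in the third hunk (@@ -703,7) is the line behind the duplicate-short-name warning described in the message, because `mail` is already the name of the `internet 7` arc. The rename of that arc (the thread proposes `internetMail`) should be part of this same patch so that objects.txt never carries two objects called `mail`.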
Re: wrong defines SN_xyz
Lutz Jaenicke wrote:
> Doesn't sound bad. I would say internetMail would fit better into the usual naming scheme...

I would prefer it too.

Best Regards,
Michael
--
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
Re: wrong defines SN_xyz
On Wed, Apr 10, 2002 at 01:13:05PM +0200, Michael Bell wrote:
> Lutz Jaenicke wrote:
> > Doesn't sound bad. I would say internetMail would fit better into the usual naming scheme...
>
> I would prefer it too.

Hmm. Just had another look into RFC1700... Even though it is not yet used in objects.txt, we will run into a problem once the first people start trying to use the subtree...

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
Re: wrong defines SN_xyz
On Tue, Apr 02, 2002 at 10:07:27PM +0200, Lutz Jaenicke wrote:
> On Tue, Apr 02, 2002 at 09:25:00AM +0200, Michael Bell wrote:
> > after I found the wrong definitions of SN_surname and SN_serialNumber I looked around and find the next problems in crypto/objects/ :
> >
> > SN_title               title                 (now T)
> > SN_description         description           (now D)
> > SN_givenName           gn                    (now G)
> > SN_initials            initials              (now I)
> > LN_uniqueIdentifier    x500UniqueIdentifier  (now uniqueIdentifier)
> > SN_rfc822Mailbox       mail                  (now rfc822Mailbox)
> > SN_pkcs9_emailAddress  emailAddress          (now Email)
> >
> > * SN_rfc822Mailbox is not wrong but a short name exists
> > * I don't find a short name for SN_pkcs9_emailAddress. The related RFC only defines a long name

Hmm... I have implemented the changes you recommend, but now I get a warning about a shortname mail to be defined twice. Maybe this was the reason why it was left out... I have attached the patch (including the problem). What do you recommend?

Only objects.txt contains all necessary information; run the PERL scripts as used in Makefile.ssl to rebuild the other files.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
Re: wrong defines SN_xyz
From: Lutz Jaenicke [EMAIL PROTECTED]

Lutz.Jaenicke> On Tue, Apr 02, 2002 at 09:25:00AM +0200, Michael Bell wrote:
Lutz.Jaenicke> > after I found the wrong definitions of SN_surname and SN_serialNumber I looked around and find the next problems in crypto/objects/ :
Lutz.Jaenicke> >
Lutz.Jaenicke> > SN_title               title                 (now T)
Lutz.Jaenicke> > SN_description         description           (now D)
Lutz.Jaenicke> > SN_givenName           gn                    (now G)
Lutz.Jaenicke> > SN_initials            initials              (now I)
Lutz.Jaenicke> > LN_uniqueIdentifier    x500UniqueIdentifier  (now uniqueIdentifier)
Lutz.Jaenicke> > SN_rfc822Mailbox       mail                  (now rfc822Mailbox)
Lutz.Jaenicke> > SN_pkcs9_emailAddress  emailAddress          (now Email)
Lutz.Jaenicke> >
Lutz.Jaenicke> > * SN_rfc822Mailbox is not wrong but a short name exists
Lutz.Jaenicke> > * I don't find a short name for SN_pkcs9_emailAddress. The related RFC only defines a long name
Lutz.Jaenicke> >
Lutz.Jaenicke> > Is it necessary to check all defines because of the many errors or are only common attributes affected (and now fixed)?
Lutz.Jaenicke>
Lutz.Jaenicke> To be fair: I never touched this thing before and I am not too familiar with these RFCs. But obviously nobody else of the team picked up the topic (yet). I can promise you to add your email to my TODO list, but I cannot promise you a time until when I will find the time to dig into this issue...

Something to keep in mind is that there are other sources of info than the RFCs. The set of attribute types presented isn't even necessarily complete within the modules they present. Other sources of information are ITU-T documents (X.nnn), NIST documents and various others. Everyone owning an arc within the private enterprise arc optimally have a document for their arc, but that's usually less interesting...

--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.