directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: [VOTE] Apache LDAP API 1.0.0-M33 release
Date Fri, 18 Dec 2015 09:50:17 GMT
Le 18/12/15 10:34, Zheng, Kai a écrit :
> Got it, thank for the clarifying. 
> Would you point to the main RFC spec that contains the ASN1 definition the library implements?
I would take a look and see what kerby-asn1 still lacks for it. 

There is no such RFC. The only place where something related to ASN.1 is
explicited is in RFC 4511 :

4.  Elements of Protocol

   The protocol is described using Abstract Syntax Notation One
   ([ASN.1]) and is transferred using a subset of ASN.1 Basic Encoding
   Rules ([BER]).  Section 5 specifies how the protocol elements are
   encoded and transferred.

and specifically :

5.1.  Protocol Encoding

   The protocol elements of LDAP SHALL be encoded for exchange using the
   Basic Encoding Rules [BER] of [ASN.1] with the following

   - Only the definite form of length encoding is used.

   - OCTET STRING values are encoded in the primitive form only.

   - If the value of a BOOLEAN type is true, the encoding of the value
     octet is set to hex "FF".

   - If a value of a type is its default value, it is absent.  Only some
     BOOLEAN and INTEGER types have default values in this protocol

   These restrictions are meant to ease the overhead of encoding and
   decoding certain elements in BER.

   These restrictions do not apply to ASN.1 types encapsulated inside of
   OCTET STRING values, such as attribute values, unless otherwise

So to speak, this is just a subset of the BER encoding. Note that
Kerberos uses a slightly different encoding : DER.

View raw message