RE: ASN.1 types for Distinguished names (was: Re: Distinguished names and

Peter Whittaker <pww@entrust.com> Wed, 02 April 1997 18:21 UTC

Message-ID: <c=CA%a=_%p=NorTel_Secure_Ne%l=GRANNY-970402181428Z-36727@bwdldb.ott.bnr.ca>
From: Peter Whittaker <pww@entrust.com>
To: "'Holger.Reif@PrakInf.TU-Ilmenau.DE'" <Holger.Reif@PrakInf.TU-Ilmenau.DE>, 'Brian Korver' <briank@terisa.com>
Cc: "'ietf-pkix@tandem.com'" <ietf-pkix@tandem.com>, "'ssl-users@mincom.oz.au'" <ssl-users@mincom.oz.au>
Subject: RE: ASN.1 types for Distinguished names (was: Re: Distinguished names and
Date: Wed, 02 Apr 1997 13:14:28 -0500
Encoding: 23 TEXT

>I'm unaware of any equality rules to use when comparing strings of 
>unequal type.  I assume that most implementations assume that strings
>of unequal type are by definition not equal.  IMHO this is the best
>approach because of the lack of well-defined equality matching rules.

My understanding of the DN comparison rules is that one must compare the
actual characters in a string as opposed to the particular datum from a
particular character set.  That is, if I am comparing a distinguished
value that uses PrintableString with a distinguished value that uses
BMPString, I must compare the characters in question one by one, rather
than the bits used to represent them in each of those strings:  I map
each octet from the PrintableString and each pair of octets from the
BMPString to a canonical character table;  if these map to the same
character, I move to the next character in the value to continue my
comparison, and so on, to the end of the strings.  If one string is
shorter - in characters, not octets or bits - than the other or if a
given set of bits maps to different characters, the comparison fails and
the values are different;  otherwise, the values are the same

Or something along those lines.  At least that's my understanding.

pww

Re: ASN.1 types for Distinguished names (was: Re:… Julian Onions
RE: ASN.1 types for Distinguished names (was: Re:… Peter Whittaker