sean.mullan@ireland 2000-11-06

RFC 2253 obsoletes RFC 1779.

Those service providers that must use RFC 1779
names (ex: dependent on LDAPv2) can transform the 2253 name to 1779 format
in the implementation or use the corresponding CertPath API methods that
accept X500 DNs in binary (ASN.1 encoded) form. We also may provide methods
to help transform 1779 <-> 2253 String DNs in a public X500Name class.

The RFE affects the following methods:

  X509CertSelector.setIssuer(String)
  X509CertSelector.setSubject(String)
  X509CertSelector.setSubjectAlternativeNames(Collection)
  X509CertSelector.addSubjectAlternativeName(int, String)
  X509CertSelector.setPathToNames(Collection)
  X509CertSelector.addPathToName(int, String)
  X509CertSelector.getIssuerAsString()
  X509CertSelector.getSubjectAsString()
  X509CertSelector.getSubjectAlternativeNames()
  X509CertSelector.getPathToNames()
  X509CRLSelector.setIssuerNames(Collection)
  X509CRLSelector.addIssuerName(String)
  X509CRLSelector.getIssuerNames()
  PKIXParameters(PublicKey, String)
  PKIXParameters(PublicKey, String, boolean[])
  PKIXParameters.setCAPublicKeyAndName(PublicKey, String)
  PKIXParameters.setCAPublicKeyAndName(PublicKey, String, boolean[])
  PKIXParameters.getCAName()
  PKIXBuilderParameters(PublicKey, String, CertSelector)
  PKIXBuilderParameters(PublicKey, String, boolean[], CertSelector)


sean.mullan@ireland 2000-12-04

Changed the description of this RFE. A new RFE has been created which adds
RFC 2253 support to the javax.security.auth.x500.X500Principal class. The
CertPath API should be changed so that all methods that accepted/returned
DNs (as Strings or byte[]) now accept/return X500Principals instead.

The benefit of this change is that it does not impose a requirement on
RFC 1779 or RFC 2253 at the API level, and instead allows implementors or
application users to choose what format is more desirable by calling the
appropriate method of the X500Principal objects.