Hallvard B Furuseth wrote:
Could we accept some safe subset of T.61 and reject the rest? As long as we don't need to translate back...
Perhaps. The original post in this thread was complaining about a plain attribute value as well as a certificate DN. Obviously LDAPv3 requires strings to be provided in UTF-8; one has to wonder if the client was performing an LDAPv2 Bind. If we tie string normalization behavior to the session protocol version, then that means we would also need to be able translate back from UTF-8 to T.61.
Clearly we are not going to add any support for LDAPv2 at this late date.
At this point I think all the facts and resources have been laid out. Patches welcome, if anyone wants to pursue it further.