[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: one possible motivation for X.509
...text deleted....
>
>DNs perform no useful purpose for me, the verifier. For a (name,key)
>binding to mean anything to me, the name must be in my name space. A DN is
>in the CA's name space. That means that to use a CA's (name,key) binding, I
>need a mapping from the DN to my name (nickname) for the entity in question.
>I have to get that mapping over a secure channel. If I have to go to that
>trouble, then I can get the public key hash rather than the DN over that
>channel and I won't have needed the DN.
Nice discussion....Why do I need to "get the that mapping over a secure
channel"? The point is not clear to me.....later...Rik
------------------------------------------------------
| Rik Drummond - The Drummond Group |
| 5008 Bentwood Ct., Ft. Worth, TX 76132 USA |
| Voice: 817 294 7339 Fax: 817 294 7950 |
------------------------------------------------------
Follow-Ups: