[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: one possible motivation for X.509

...text deleted....
>DNs perform no useful purpose for me, the verifier.  For a (name,key)
>binding to mean anything to me, the name must be in my name space.  A DN is
>in the CA's name space.  That means that to use a CA's (name,key) binding, I
>need a mapping from the DN to my name (nickname) for the entity in question.
>I have to get that mapping over a secure channel.  If I have to go to that
>trouble, then I can get the public key hash rather than the DN over that
>channel and I won't have needed the DN.

Nice discussion....Why do I need to "get the that mapping over a secure
channel"? The point is not clear to me.....later...Rik

|         Rik Drummond - The Drummond Group         |
|   5008 Bentwood Ct., Ft. Worth, TX 76132 USA  |
|        Voice: 817 294 7339    Fax: 817 294 7950     |