
Re: specification language?



At 10:36 3/8/96, Jueneman@gte.com wrote:

>2. Sometimes it is necessary to use multivalued RDNs in a name, in order to
>disambiguate them. For example, if there are two people of the same name in an
>organization, it may be necessary to use commonName plus serialNumber
>(employee ID) to define which one is which.

Sorry, Bob, but I can't resist this :).

This is one of the problems with DNs.  Uniqueness of DNs is advertised as
necessary so that I, the remote user looking up my old friend Bob at IBM,
know which of the many Bobs is my friend.  However, the uniqueness of DNs
is solved in some manner the CA chooses -- e.g., appending employee number
or mail stop -- and that could be totally irrelevant to me, the external
user.

This came up for me in reviewing an article on certificates, recently.
Namely, the step-by-step process of using a certificate ignored the
important step of finding out which of many possible ID strings is the one
of interest to you.  It's interesting to me to note that whatever effort
you have to go through to discover that ID-string:human mapping is probably
identical to the process you'd have to go through to get a public key
directly from your old friend.

I offer this note not to start a flame exchange but to note for the record
that the frequent argument in favor of X.500 style unique names is
seriously flawed for me, the user.

 - Carl



+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+