In this post, I will attempt to avoid personalities and offensive
characterizations of views differing from my own. First, the case for
banning e-mail addresses from DN's is different between DN's in which at
least one personal name attribute (Surname, GivenName, or CommonName) is
present is much stronger than the case for banning them from DN's in which
no personal name attributes are present. Second, AFAIK the usual
motivation for adding e-mail addresses to DN's is to enable directory
search by that attribute - neither obscenity nor ignorance have anything to
do with it.
It is my opinion that rather than deprecating the use of emailAddress
in the subject name what should be deprecated is the use of emailAddress in
a subject name in which any of the personal name attributes are present. I
am aware that this would involve a change to wording inherited from RFC
2459.
Tom Gindin
"RAGHAVENDRAN H. (SSG) - CTD, Chennai."
<raghavh(_at_)ctd(_dot_)hcltech(_dot_)com>
@mail.imc.org on 11/05/2001 04:14:03 AM
Sent by: owner-ietf-pkix(_at_)mail(_dot_)imc(_dot_)org
To: ietf-pkix(_at_)imc(_dot_)org, ietf-smime(_at_)imc(_dot_)org
cc: Anders Rundgren <anders(_dot_)rundgren(_at_)telia(_dot_)com>
Subject: RE: EmailAddress history question
Hi List:
My view on this is subjectAltName is a good thing. I know this has been an
issue for quite some time, but as a programmer I find the concept of
putting
an email in the DN "obscene". I tend to agree with Steve's posting on this.
Email addresses are now being used to uniquely identify persons. In future,
it may be IPv6 addresses and still further in the future... who knows.
subjectAltName provides a convenient, future-proof way of implementing this
instead of "cluttering" your DN.
My 2 cents..
Regards,
Raghav
(snip)