I'm looking for an implementor's agreement on "subordination" of one
distinguished name to another.

I'd like to see an implementor's agreement that says A's distinguished
encoding should be the same as B's for common RDNs. Also, I'd like to
see one that requires an entity to keep the same distinguished
encoding throughout its use of a name. (Note that I'm not calling for
the "choose PrintableString if you can" rule, just "don't change your
encoding, or your superior's encoding when you're a subordinate.")

Although I suppose anything is possible, it would surprise me to learn
that anyone is building or has built an encoder that encodes part of a
name one way and part another.

Also, wouldn't such an agreement make PEM even more incompatible with
X.500 directory services? There are already a dozen or more different
directory implementations, at least one of which does include
certificates. An agreement such as you describe could make it difficult
if not impossible for PEM to use certificates the origin of which is
outside the Internet infrastructure.

Is there a particular benefit derived from such a restriction?

Jim
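
What "the same distinguished encoding for common RDNs" means at the byte level, as an added example that is not part of the original message. It assumes subordination is checked by comparing encoded RDNs byte for byte (the message does not say how the check is done); the names and helper functions are constructed for illustration.

```python
# Added illustration: minimal DER for an X.500 Name (short-form lengths only).
PRINTABLE, T61 = 0x13, 0x14          # PrintableString, T61String (TeletexString)
OID_C = bytes([0x55, 0x04, 0x06])    # 2.5.4.6  countryName
OID_O = bytes([0x55, 0x04, 0x0A])    # 2.5.4.10 organizationName
OID_OU = bytes([0x55, 0x04, 0x0B])   # 2.5.4.11 organizationalUnitName

def tlv(tag, content):
    if len(content) > 127:
        raise ValueError("long-form lengths are outside this sketch")
    return bytes([tag, len(content)]) + content

def rdn(oid, value, string_tag=PRINTABLE):
    """Single-valued RDN: SET { SEQUENCE { OID, string } }."""
    atv = tlv(0x30, tlv(0x06, oid) + tlv(string_tag, value.encode("ascii")))
    return tlv(0x31, atv)

def name(*rdns):
    return tlv(0x30, b"".join(rdns))

def split_rdns(der_name):
    """Return each RDN of a DER Name as its complete encoded SET."""
    if len(der_name) < 2 or der_name[0] != 0x30 or der_name[1] != len(der_name) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    body, out, i = der_name[2:], [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i] != 0x31 or i + 2 + body[i + 1] > len(body):
            raise ValueError("malformed RDN at offset %d" % i)
        end = i + 2 + body[i + 1]
        out.append(body[i:end])
        i = end
    return out

def first_mismatch(sub, sup):
    """Index of the first common RDN whose encodings differ, or None."""
    for i, (a, b) in enumerate(zip(split_rdns(sub), split_rdns(sup))):
        if a != b:
            return i
    return None

def is_subordinate(sub, sup):
    # The outer SEQUENCE lengths differ, so compare RDN by RDN, not whole names.
    return len(split_rdns(sub)) > len(split_rdns(sup)) and first_mismatch(sub, sup) is None

# Constructed names: the superior, a subordinate that keeps the superior's
# encoding, and one that re-encodes the shared O RDN as T61String.
SUPERIOR = name(rdn(OID_C, "US"), rdn(OID_O, "Example Org"))
SUB_SAME = name(rdn(OID_C, "US"), rdn(OID_O, "Example Org"), rdn(OID_OU, "Research"))
SUB_CHANGED = name(rdn(OID_C, "US"), rdn(OID_O, "Example Org", T61), rdn(OID_OU, "Research"))
```

Both subordinate names read identically as text; only the string tag on the shared O RDN differs, and that alone makes the byte-wise check reject `SUB_CHANGED`.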