pem-dev

An implementor's agreement on "subordination"

1992-04-20 08:20:00
Charlie and Jeff --

I like your suggestion that "A's distinguished encoding should be the same
as B's for common RDNs", but I'm not sure about requiring "an entity to keep
the same distinguished encoding throughout its use of a name".  What if the
"senior" name has printable strings throughout, but a subordinate has to use
T61 for some part of its name, e.g. "Bolt Beranek & Newman, Inc."?

If I understand Burt's proposal, it means that if my superior uses T61
encoding (say in the certificate that I am expected to be subordinate
to), then I should use T61 encoding in the RDNs that I add on (say an
OU component and the terminating CN). This would mean that I should
*not* use PrintableString for OUs below OUs (and other attributes)
that use T61. Correct?

To clarify: "Throughout its use of a name" means over time. If BBN
Communications, for example, encodes its name as

c=US (Printable),
o=Bolt Beranek & Newman (T61),
ou=BBN Communications (Printable)

when BBN Communications gets its certificate from RSADSI (for
example), then BBN Communications should always use the P-T-P
combination. It should not change to the P-T-T form

c=US (Printable),
o=Bolt Beranek & Newman (T61),
ou=BBN Communications (T61)

even though it's the same abstract name. We'd like the DER always to
be the same; this facilitates searching for the name in a database
(as opposed to a directory).

-- Burt
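
Added example (not part of the original message, and not code from any PEM implementation): a minimal DER encoder for the two BBN Communications encodings above, showing that a database keyed on the exact name bytes finds the P-T-P form but misses the P-T-T form. The helper names, the dictionary used as the database, and the ASCII-only treatment of T61 values are assumptions made for illustration.

```python
PRINTABLE, T61 = 0x13, 0x14   # universal tags: PrintableString, T61String
OIDS = {"c": b"\x55\x04\x06", "o": b"\x55\x04\x0a", "ou": b"\x55\x04\x0b"}  # 2.5.4.6/10/11
PRINTABLE_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                      "0123456789 '()+,-./:=?")

def tlv(tag, content):
    """DER tag-length-value with definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def encode_name(rdns):
    """DER-encode a Name from (attribute, value, string_tag) triples, one per RDN."""
    body = b""
    for attr, value, tag in rdns:
        if tag == PRINTABLE and not set(value) <= PRINTABLE_CHARS:
            raise ValueError(f"{value!r} cannot be a PrintableString")
        # Assumption: ASCII-only values, so both string types carry the same bytes.
        atv = tlv(0x30, tlv(0x06, OIDS[attr]) + tlv(tag, value.encode("ascii")))
        body += tlv(0x31, atv)          # SET OF with a single AttributeTypeAndValue
    return tlv(0x30, body)              # RDNSequence

def abstract(rdns):
    """The abstract name: attribute/value pairs with the string type ignored."""
    return [(a, v) for a, v, _ in rdns]

P_T_P = [("c", "US", PRINTABLE), ("o", "Bolt Beranek & Newman", T61),
         ("ou", "BBN Communications", PRINTABLE)]
P_T_T = [("c", "US", PRINTABLE), ("o", "Bolt Beranek & Newman", T61),
         ("ou", "BBN Communications", T61)]

def build_index(entries):
    """Constructed database keyed on the exact DER bytes of the subject name."""
    return {encode_name(rdns): label for rdns, label in entries}

if __name__ == "__main__":
    index = build_index([(P_T_P, "certificate issued to BBN Communications")])
    print(abstract(P_T_P) == abstract(P_T_T))   # the abstract names are compared
    print(index.get(encode_name(P_T_P)))        # lookup with the P-T-P encoding
    print(index.get(encode_name(P_T_T)))        # lookup with the P-T-T encoding
```

The encoder also rejects "Bolt Beranek & Newman" as a PrintableString, since "&" is outside that character set, which is why the o component needs T61 in the first place.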



