Calmly, calmly, folks. We're all big kids now.
Honestly, I naively thought that *someone else* (like
those North American Forum guys or NIST or somebody) was eventually
going to get around to *registering* names, and that PEM would then *use*
those names by incorporating them in X.509 certificates.
The intent of SD-5 is that this won't be necessary (excepting, as Ella
Gardner points out, if you wish to register a nationally unique organizational
name with ANSI).
Now that you know that most of the PEM WG is innocent, surely you will
enlighten us by explaining (in small words, sans rhetoric) just what the
heck is going on and where PEM has gone wrong. After that, we will be
ready to receive your new Internet-Draft text of the RFC modifications that
we need to ratify to put ourselves back on the side of the angels.
I may have misread Stef's message, but I don't think he intends to say (nor
do I) that PEM has gone wrong, but that there is a potential for problems
later on down the line should PEM and X.500 not be harmonized early on
(while it's easy to do).
(2) I am told that in some WGs of the IETF, it has gotten to the point
where they are forced to give the following kinds of instruction if they
want to get anything done: "If you have been working on implementing or
modifying the current draft text, sit in front. If you have read the
current draft text *before* the meeting and have constructive comments, sit
in the middle and take your turn. If you have not read the draft before
coming to this meeting or are just learning what it is all about, sit in
back and shut up."
While that sentiment is well-suited in many cases, Stef's comments should
not be ignored because he hasn't read the PEM drafts. The material from
the PEM RFCs which you quote below does not necessarily indicate that
naming problems with respect to X.500 will not occur. The harmonization
as suggested below (RFC 1421, Section 6) would occur some time in the
future. The reason that I brought up the need for early harmonization
is that I don't want either group to have to make major naming changes
later on down the line. The 1421 is fine as it stands. Stef and I are
just pointing out that some forethought here will be more than useful.
Since I am near-sighted, I don't want to sit in back. So, although we
really don't deserve it after our Philistine behavior, please provide a
copy (or at least the reference and electronic source) of the document(s)
("SD-5") that you want us to read. The next IETF is fast upon us. We
innocents and plotters alike will read your documents; please read ours.
NADF 175 (the previous incarnation of SD-5) was submitted as an informational
RFC (as you show in your references). The RFC version should be enough to
supply the gist of it, though. I've attempted to explain the notion behind
SD-5 in a previous message. Perhaps I didn't do so in a clear manner.
NADF documents may also be obtained (in their current form) from
ftp.ics.uci.edu, in the mrose/nadf directory. Files are named sd-*.ps.
-Peter
>Users who are not registered in a directory
>should keep in mind likely directory naming structure (schema) when
>selecting a distinguished name for inclusion in a certificate.
This is particularly important text. Doing something concrete with
this suggestion is critical.