pem-dev

Let's drop this thread (was Re: Unique DNs)

1993-02-25 11:15:00
Message-Id: <9302251736(_dot_)AA12938(_at_)smiley(_dot_)mitre(_dot_)org(_dot_)sit>
Date: Thu, 25 Feb 1993 12:39:01 -0500
Subject: Re: Unique DNs

I HAVE PULLED OUT TWO PARAGRAPHS FOR YOU.

Thank you.

I would like to see us drop this topic.  To me, it's an interesting
observation for discussion among relaxed people who have nothing better to
do.  PEM, however, is in the midst of release and standardization and I
believe it needs to get released and accepted with a minimum of delay.

So, I don't want to debate this in any way which might hold up PEM
adoption.

However, for those pem-dev readers who are up for relaxed consideration --

  3.3.5  Issuer Name

If unique names in PEM-space had been defined to be RSA public keys, then
there might be other problems to solve but this current debate about
uniqueness of DNs wouldn't affect PEM adoption.


  3.4.2.2  Ensuring the Uniqueness of Distinguished Names

  A fundamental requirement of this certification scheme is that
  certificates are not issued to distinct entities under the same
  [...] name.

Of course.  If name were RSA key, there wouldn't need to be procedural
safeguards enforcing uniqueness.  The key generation algorithm does that
for you -- and you can't get a more distributed algorithm.

  This requirement is important to the success of
  distributed management for the certification hierarchy.

Yup -- much better once you know all names are unique.


 - Carl

  • Let's drop this thread (was Re: Unique DNs), Carl Ellison <=