pem-dev

Undeliverable mail

1993-02-25 12:30:00
Gateway MWMGATE1 could not deliver your mail to cc:Mail user
w035_nw because of the error(s) cited below.

Your undelivered message follows:

  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -

***  Unknown message recipient  ***
Subject: Re: Unique DNs
Date: 25-FEB-1993 13:27:54

-------------- The following note was forwarded to you by AWAY... -------------

Received: from mwunix.mitre.org by mwvm.mitre.org (IBM VM SMTP V2R1) with TCP;
   Thu, 25 Feb 93 13:26:55 EST
Return-Path: <pem-dev-relay(_at_)TIS(_dot_)COM>
Received: from TIS.COM by mwunix.mitre.org (5.65c/SMI-2.2)
    id AA03235; Thu, 25 Feb 1993 13:26:50 -0500
Received: by TIS.COM (4.1/SUN-5.64)
    id AA09067; Thu, 25 Feb 93 12:19:09 EST
Received: from dbc.mtview.ca.us (ppp.dbc.mtview.ca.us) by TIS.COM (4.1/SUN-5.64)
    id AA09001; Thu, 25 Feb 93 12:19:03 EST
Received: from localhost by dbc.mtview.ca.us (5.65/3.1.090690)
    id AA00328; Thu, 25 Feb 93 09:16:43 -0800
To: cme(_at_)ellisun(_dot_)sw(_dot_)stratus(_dot_)com (Carl Ellison)
Cc: yee(_at_)atlas(_dot_)arc(_dot_)nasa(_dot_)gov, pem-dev(_at_)TIS(_dot_)COM
Reply-To: pem-dev(_at_)TIS(_dot_)COM
Subject: Re: Unique DNs
In-Reply-To: Your message of "Thu, 25 Feb 1993 10:48:33 EST."
 <9302251548(_dot_)AA07369(_at_)ellisun(_dot_)sw(_dot_)stratus(_dot_)com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 25 Feb 1993 09:16:40 -0800
Message-Id: <327(_dot_)730660600(_at_)dbc(_dot_)mtview(_dot_)ca(_dot_)us>
From: Marshall Rose <mrose(_at_)dbc(_dot_)mtview(_dot_)ca(_dot_)us>
Sender: pem-dev-relay(_at_)TIS(_dot_)COM

If PEM is going to use DNs, then you have to play by X.500's rules.

In X.500, a DN refers to an entity in "the real world" with respect to
that entity's role in the real world.  DNs do not refer to multiple
entities, but may refer to an entity which is a collection of other
entities.

What this means is that MTR might have one or more DNs: one for MTR
in a business role, another for MTR in a residential role, perhaps a
third DN for MTR as a student at a university, etc.

However, the DN assigned to MTR in any role may not be assigned to any
other entity--NO EXCEPTIONS.  This is why it is important to have a way
of ensuring the unique assignment of DNs, and why that way should be as
simple-to-use and error-free as possible.

The NADF's SD-5 document defines such an algorithm for c=US and c=CA.
The algorithm doesn't always produce short or pretty DNs, but it
leverages off the existing civil naming structure, with its myriad rules
of intellectual (naming) property rights, so that the hard registration
questions are answered before the DN is generated.  With this paradigm,
the Directory is where things are listed, not registered.

How does this relate to PEM?  The answer is that use of DNs by PEM must
not behave differently than the 2nd paragraph above ("In X.500, ...").
In addition, PEM shouldn't worry about how DNs get assigned, nor try to
associate any special semantics with an arbitrary DN--unless it has
special knowledge about that DN.  To do so is to go looking for trouble.

/mtr
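
The rule in the message above (one entity may hold several DNs, one per role, but a DN may never have a second holder), sketched as a registration check. This is an added example, not part of the original message and not code from PEM or the NADF. The comma-separated attr=value string form, the case-insensitive comparison, and the names DNRegistry, DNConflict, split_rdns and normalize_dn are assumptions made for illustration.

```python
class DNConflict(Exception):
    """Raised when a DN already assigned to one entity is requested for another."""

def split_rdns(dn):
    """Split a DN string on commas, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def normalize_dn(dn):
    """Comparison key: lowercased types, case-folded values, collapsed spaces.
    Assumption: all values compare case-insensitively; multi-valued RDNs are not handled."""
    key = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        key.append((attr.strip().lower(), " ".join(value.split()).casefold()))
    return tuple(key)

class DNRegistry:
    """One entity may hold several DNs (one per role); a DN has exactly one holder."""
    def __init__(self):
        self._holder = {}   # normalized DN -> entity id

    def assign(self, dn, entity):
        key = normalize_dn(dn)
        holder = self._holder.setdefault(key, entity)
        if holder != entity:
            raise DNConflict(f"{dn!r} is already assigned to {holder!r}")
        return key

    def dns_of(self, entity):
        return [k for k, e in self._holder.items() if e == entity]
```

Comparing normalized keys rather than raw strings is what keeps two spellings of the same DN from being handed to two different holders.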

