pem-dev

Re: Are DN's really names?

1993-03-01 18:38:00
It is my understanding that the term DN which we are using is the
Directory Distinguished Name which is actually the lookup name into
the directory which one uses to find all the information which has
been entered into the directory for that name, so it is not an address.
You can store a person's address in their directory entry, or their
phone number, or the location of their printer, or anything that has
been defined by the directory administrator at that site. Your internet
address can be another piece of information stored under your DDN.

So, technically, in X.500 terms, the DN is you since it is everything
that is known about you which you wish to disclose to others, with 
different levels of access control set by the administrator. Hopefully, then,
you would have one DN. But, since you are allowed aliases, other aliases
can then point to that DN so you could still be known by different DNs.
There would still be only one entry for the real you, though.
You would be the owner of all the information in that entry. 

I think that the PEM use of the word DN does not vary that much from the
X.500 use. Any comments from the RFC developers about this interpretation?

Cheers,

Eva Kuiper


Gentle Interfolk:

This discussion on naming seems to revolve around the Distinguished
Name (DN) being taken as a name.  Of course it is no such thing.
The DN is an address for delivery of electronic mail and serves no
other purpose.  The Internet DNS performs pretty much the same thing.
I now have at least three ways that people can reach me over the
internet, and others thru various BBS's here and there.  Each of
these has required me to have a different "name".

If I am to "own" a private/public key for use in PEM (RSA) signing, and
another private/public key for use in DSS signing they might not be
able to have the same DN's on any network and I may still need to
have other name/address pairs for use on nets with odd naming
conventions.  When I use the same key in private correspondence with a
domestic CA that I use for business use with my company's CA, I do not
change, nor does my key change.  The point is that the DN is not me, 
and that I will surely need multiple DN's in the brave new internet.

I am more concerned with the ownership of my key.  If my company issues
me a badge with my name and picture on it and my key inside it, who
owns the badge, me or my company?  If my company chooses to "recover"
their property and my key is inside it, do I have the right to destroy
my key before they get possession of it?

I personally "own" my signature in the sense that only I can legally
use it.  Will I own my digital signature?

Peace 
Tom Jones - Lemcom



