Re: Are DN's really names?

Brad,

        There are lots of attributes you can have in an entry which
may help people search for an entry.  However, only the DN will appear
in a certificate, and directiory schema (such at the NADF work) do not
encourage inclusion of these attributes in a DN.  So these other
attributes do not contribute to authentication, in general, in the
same way as DN attributes.  In the PEM environment, where we do not
assume ubiquitous directory availability, any attributes outside of
the DN do not contribute to authentication.


Steve

<Prev in Thread]	Current Thread	[Next in Thread>
Are DN's really names?, TCJones(_at_)dockmaster(_dot_)ncsc(_dot_)mil Re: Are DN's really names?, Eva Kuiper Re: Are DN's really names?, Steve Kent Re: Are DN's really names?, Bill Sommerfeld Re: Are DN's really names?, Steve Kent Re: Are DN's really names?, Brad Huntting Re: Are DN's really names?, Steve Kent <= Re: Are DN's really names?, Raymond Lau Re: Are DN's really names?, gvb Re: Are DN's really names?, Steve Kent Re: Are DN's really names?, Carl Ellison Re: Are DN's really names?, John Lowry Re: Are DN's really names?, Raymond Lau

Previous by Date:	Re: Key-Info field, Raymond Lau
Next by Date:	Re: How long live certificates?, P. Rajaram
Previous by Thread:	Re: Are DN's really names?, Brad Huntting
Next by Thread:	Re: Are DN's really names?, Raymond Lau
Indexes:	[Date] [Thread] [Top] [All Lists]