Gentle Readers,
To deploy PEM across heterogeneous administrative domains, one needs a
mechanism by which certificates of other parties can be obtainbed and
verified. The X.500 directory could be one such mechanism. However,
one difficulty that I see integrating PEM and X.500 is that the X.500
directory hierarchy is based on distinguished names while the e-mail
address has a different hierarchy (e.g. Internet Address). In using
e-mail, users would want to only specify the e-mail address of their
partner and not the distinguished name. It seems then, that there is
a need for a mapping between X.500 distinguished names and the Internet
(and other formats of) e-mail addressing.
To verify a certificate, on the other hand, the X.500 directory makes
a great choice. This is because the distinguished name is available
and can be used to query the database.
What do you think about this? Is there some one out there who is
experimenting on this?
Thanking you for any pointers or hints,
_______________________________________________________________________
Alireza Bahreman E-Mail:
bahreman(_at_)bellcore(_dot_)com
Bellcore, Room RRC-1K221 Phone : +1 908 699 7398
444 Hoes Lane, Piscataway, NJ 08854 Fax : +1 908 336 2943