>From: Alireza Bahreman (Ali) <ali(_at_)com(_dot_)bellcore(_dot_)ctt>
>Subject: Mapping e-mail address to X.500 distinguished names for PEM.
>Date: Tue, 11 May 93 09:08:18 -0400
>
>Gentle Readers,
>
>To deploy PEM across heterogeneous administrative domains, one needs a
>mechanism by which certificates of other parties can be obtainbed and
>verified. The X.500 directory could be one such mechanism. However,
>one difficulty that I see integrating PEM and X.500 is that the X.500
>directory hierarchy is based on distinguished names while the e-mail
>address has a different hierarchy (e.g. Internet Address). In using
>e-mail, users would want to only specify the e-mail address of their
>partner and not the distinguished name. It seems then, that there is
>a need for a mapping between X.500 distinguished names and the Internet
>(and other formats of) e-mail addressing.
>
>To verify a certificate, on the other hand, the X.500 directory makes
>a great choice. This is because the distinguished name is available
>and can be used to query the database.
>
>What do you think about this? Is there some one out there who is
>experimenting on this?
>
>Thanking you for any pointers or hints,
>
>_______________________________________________________________________
>Alireza Bahreman E-Mail:
bahreman(_at_)bellcore(_dot_)com
>Bellcore, Room RRC-1K221 Phone : +1 908 699 7398
>444 Hoes Lane, Piscataway, NJ 08854 Fax : +1 908 336 2943
The UCL PEM provides a domaine to DN mapping
based on DSA use (Quipu).
Jamel.