pem-dev

Re: Mapping e-mail address to X.500 distinguished names for PEM

1993-05-17 00:25:00


   >From: Markus Mueller <mmue(_at_)ch(_dot_)ethz(_dot_)tik(_dot_)komsys>
   >Subject: Re: Mapping e-mail address to X.500 distinguished names for PEM
   >Date: Thu, 13 May 1993 20:43:54 +0200

   >> The X.500 directory could be one such mechanism.  However,
   >> one difficulty that I see integrating PEM and X.500 is that the X.500
   >> directory hierarchy is based on distinguished names while the e-mail
   >> address has a different hierarchy (e.g. Internet Address)
   >
   >Good idea. Actually the mapping between RFC822 name and distinguished
   >name has already been solved in the Thorn / RARE X.500 naming architecture
   >proposed by S. Kille at UCL which includes the attribute "RFC822 mailbox".
   >You can either read an entry via the distinguished name to get the RFC822
   >mailbox name, or search via the RFC822 mailbox name to get the distinguished
   >name. By adding a "Certificate" attribute to the naming architecture both
   >types of queries will also return that certificate.
   >
   >Since UCL is also active in the development of secure e-mail I guess that
   >their DSA is already supporting certificates.

Yes.

   >
   >Note, however, that the mapping between RFC822 name and distinguished name
   >is not reliable, either because the DSA is not trustworthy or because the
   >returned data was tampered with. In the current PEM version this should not
   >be a problem since it is based on the Distinguished name only. You may also
   >activate the OPTIONALLY SIGNED mechanism on the DSA to prevent tampering
   >with the returned data.
   >

Within the PASSWORD project we also have implemented authenticated
DUA (Dish, ...) to DSA access. This may be integrated into the
current UCL PEM UA to overcome some of the security problems
you mention.

   >   Markus Mueller
   >   FIDES Informatik
   >   Abteilung IB2
   >   Badenerstrasse 172
   >   CH-8004 Zuerich
   >   Switzerland
   >
   >   SWITCH/ARPA/BITNET : mueller(_at_)komsys(_dot_)tik(_dot_)ethz(_dot_)ch
   >   UUCP               : mueller%komsys(_dot_)tik(_dot_)ethz(_dot_)ch(_at_)chx400(_dot_)uucp
   >   X.400              : S=mueller;OU=tik;O=ethz;P=switch;A=arcom;C=ch
   >
   >   Mail account courtesy of Institut fuer Technische Informatik und
   >   Kommunikationsnetze, ETH, CH-8092 Zuerich, Switzerland

Jamel
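
The mailbox-to-DN lookup discussed in this thread, as an added example (not code from the thread, the UCL PEM UA or the PASSWORD project): the directory answer is treated as a hint, and the certificate plus the DN the user expects decide acceptance. Assumptions: the attribute spellings `rfc822Mailbox` and `userCertificate`, the constructed entries, the simplified DN comparison, and HMAC-SHA256 as a stand-in for the CA's signature on the certificate.

```python
import hashlib
import hmac

CA_KEY = b"constructed-demo-key"  # assumption: stand-in for the CA's signing key

def _sig(subject, key):
    # HMAC-SHA256 stands in for the CA's signature over the certificate body.
    return hmac.new(CA_KEY, f"{subject}|{key}".encode(), hashlib.sha256).hexdigest()

def issue(subject, key):
    return {"subject": subject, "key": key, "sig": _sig(subject, key)}

def cert_valid(cert):
    return hmac.compare_digest(_sig(cert["subject"], cert["key"]), cert["sig"])

def norm(dn):
    # Simplified DN comparison: case-insensitive, whitespace around RDNs ignored.
    return tuple(rdn.strip().lower() for rdn in dn.split(","))

def resolve(directory, mailbox, expected_dn=None):
    """Map an RFC822 mailbox to (DN, certificate); the directory answer is a hint."""
    hits = [e for e in directory if e["rfc822Mailbox"].lower() == mailbox.lower()]
    if len(hits) != 1:
        raise ValueError("no unique entry for mailbox")
    entry, cert = hits[0], hits[0]["userCertificate"]
    if not cert_valid(cert):
        raise ValueError("certificate signature invalid")
    if norm(cert["subject"]) != norm(entry["dn"]):
        raise ValueError("certificate subject differs from entry DN")
    if expected_dn is not None and norm(expected_dn) != norm(entry["dn"]):
        raise ValueError("mailbox mapped to unexpected DN")
    return entry["dn"], cert

# Constructed sample entries (not real directory data).
ALICE_DN = "C=CH, O=Example Org, CN=Alice Example"
MALLORY_DN = "C=CH, O=Example Org, CN=Mallory Example"
ALICE = {"dn": ALICE_DN, "rfc822Mailbox": "alice@example.org",
         "userCertificate": issue(ALICE_DN, "alice-public-key")}
HONEST = [ALICE]
# Returned data altered in transit: key swapped, signature no longer matches.
TAMPERED = [dict(ALICE, userCertificate=dict(ALICE["userCertificate"], key="other-key"))]
# Untrustworthy DSA: Alice's mailbox attached to Mallory's entry and valid certificate.
REMAPPED = [{"dn": MALLORY_DN, "rfc822Mailbox": "alice@example.org",
             "userCertificate": issue(MALLORY_DN, "mallory-public-key")}]

if __name__ == "__main__":
    print(resolve(HONEST, "alice@example.org", ALICE_DN)[0])
    for name, d in (("tampered", TAMPERED), ("remapped", REMAPPED)):
        try:
            resolve(d, "alice@example.org", ALICE_DN)
        except ValueError as err:
            print(name, "rejected:", err)
```

Without `expected_dn`, the remapped entry is accepted because its certificate is valid for the other DN; only the DN check catches it.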
