John,
The title of the message thread was not mine, and is
quite misleading. I was NOT trying to link authorizations
to the DN, but rather to include a Disclaimer within the
certificate. One is positive, one is negative, and there is
quite a difference.
My understanding at the time was that the PCAs were
unwilling, for a number of presumably valid business
reasons, to include such a disclaimer in their policy
statements. Now it appears that the winds may be
changing, so all of this argument may have become
moot.
I could imagine a MIME/PEM compliant content which has as attributes such
disclaimers.
Once more, with feeling: HOW DO YOU GET THE PERSON
WHO STOLE YOUR KEY TO USE THE PROPER FORM??!
Come on, people, this shouldn't be a hard concept to grasp!
There are any number of ways that authorizations can
be added. The trick is how to take them away, or how to
avoid being stuck with them from the beginning, if that is
your intent.
Bob