If someone in my employ uses PEM for work, I want to be assured that
when that person leaves her job, work-related messages for her will be
readable by the person who assumes her job.
The keys used in such a situation are not for a _person_ but rather for
a _position_. I suppose it follows that one should use different
DNs and hence different e-mail addresses for personal vs. work-related mail.
What will PEM use for e-mail address <-> DN mapping? I would think
something like this should be sufficient:
  RFC822 address                 Distinguished Name
  huntting@advtech.uswest.com    o=Internet
                                 domainComponent=COM
                                 domainComponent=USWEST
                                 domainComponent=ADVTECH
                                 commonName=huntting
The only problem I see with this is that "commonName" is a case-insensitive
attribute type. If this is a problem, we could simply define a new OID
"rfc822LocalPart" which takes a case-sensitive string.
brad
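The mapping sketched in the message above, worked through in code as an added example (this is not code from the original post or from any PEM implementation). It builds the proposed DN from an RFC822 mailbox, inverts it, and compares two DNs under the matching rules the message describes: commonName (and the DNS-derived domainComponent values) compare case-insensitively, while the proposed rfc822LocalPart attribute compares exactly. The function names, the uppercasing of domain labels, and the treatment of rfc822LocalPart as an exact-match attribute are assumptions made for the example; the attribute names o, domainComponent, commonName and rfc822LocalPart are the ones the message uses or proposes.

```python
# Added example: RFC822 address <-> Distinguished Name mapping in the style
# proposed in the message. Attribute names follow the message; function
# names, label uppercasing and the exact-match rule for the hypothetical
# "rfc822LocalPart" attribute are assumptions made for this illustration.
from __future__ import annotations

DN = list[tuple[str, str]]

# Attribute types the message treats as case-insensitive (X.500 caseIgnore
# style). Everything not listed here is compared exactly; that covers the
# proposed rfc822LocalPart attribute.
CASE_INSENSITIVE_ATTRS = {"o", "domainComponent", "commonName"}


def address_to_dn(addr: str, case_sensitive_local_part: bool = False) -> DN:
    """Map an RFC822 mailbox to an ordered DN, root first.

    o=Internet, then one domainComponent per DNS label from the TLD down to
    the host, then the local part. Domain labels are uppercased because DNS
    names are case-insensitive anyway; the local part is kept verbatim
    because RFC822 leaves its interpretation to the receiving host.
    """
    if addr.count("@") != 1:
        raise ValueError("expected exactly one '@' in address")
    local, domain = addr.split("@")
    labels = domain.split(".")
    if not local or not all(labels):
        raise ValueError("malformed address: empty local part or DNS label")
    dn: DN = [("o", "Internet")]
    dn += [("domainComponent", label.upper()) for label in reversed(labels)]
    attr = "rfc822LocalPart" if case_sensitive_local_part else "commonName"
    dn.append((attr, local))
    return dn


def dn_to_address(dn: DN) -> str:
    """Inverse mapping: rebuild the mailbox. The domain comes back lowercased."""
    dcs = [v for a, v in dn if a == "domainComponent"]
    local = next(v for a, v in dn if a in ("commonName", "rfc822LocalPart"))
    return local + "@" + ".".join(label.lower() for label in reversed(dcs))


def dn_matches(dn_a: DN, dn_b: DN) -> bool:
    """Compare two DNs attribute by attribute.

    Case-insensitive attributes match ignoring case; rfc822LocalPart (and any
    other attribute not in CASE_INSENSITIVE_ATTRS) must match exactly. This is
    the point the message raises: two mailboxes differing only in local-part
    case collapse to one commonName-based DN but stay distinct with
    rfc822LocalPart.
    """
    if len(dn_a) != len(dn_b):
        return False
    for (attr_a, val_a), (attr_b, val_b) in zip(dn_a, dn_b):
        if attr_a != attr_b:
            return False
        if attr_a in CASE_INSENSITIVE_ATTRS:
            if val_a.lower() != val_b.lower():
                return False
        elif val_a != val_b:
            return False
    return True


def format_dn(dn: DN) -> str:
    """Render a DN root-first, one attribute per line, as in the message's table."""
    return "\n".join(f"{attr}={val}" for attr, val in dn)


if __name__ == "__main__":
    # Sample mailbox taken from the message's table.
    addr = "huntting@advtech.uswest.com"
    print(format_dn(address_to_dn(addr)))
    print("round trip:", dn_to_address(address_to_dn(addr)))
    # Local parts differing only in case: same DN under commonName,
    # different DNs under the proposed rfc822LocalPart attribute.
    print("commonName collides:",
          dn_matches(address_to_dn("Brad@advtech.uswest.com"),
                     address_to_dn("brad@advtech.uswest.com")))
    print("rfc822LocalPart collides:",
          dn_matches(address_to_dn("Brad@advtech.uswest.com", True),
                     address_to_dn("brad@advtech.uswest.com", True)))
```

Running the block prints the five-line DN from the message's table, the round-tripped address, `commonName collides: True` and `rfc822LocalPart collides: False`, which is exactly the ambiguity the message points out and the reason it suggests a case-sensitive attribute for the local part.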