pem-dev

Re: DNs (Re: Corporate Identity and Authorization)

1993-09-23 16:32:00

Jueneman(_at_)GTE(_dot_)COM writes:
You seem to be saying that the DN should not be "distinguished,"...

NO.  Quite to the contrary.  I apologize if my previous statement was 
misleading.  Just for the record, here is what I meant to say:

1) I think one should NOT use DNs for authorization and other *things*.
DNs should only be used as a one-to-one mapping to an entity. 

2) I also think there are merits in having a single mechanism enforce
the "uniqueness" requirement independent of the DN format.

3) and it would be nice if we could all have only a single DN which
could be used in every different context that requires a unique
identifier.



BTW, I encourage you and Charlie and everyone else to come up with
alternative solutions to these problems, rather than just saying you
don't like or agree with one of my solutions and/or saying that the
problem I mentioned doesn't exist or isn't worth solving. I may be
wrong, of course, but I think they are real.

Bob

Absolutely, I agree that there are problems that need to be solved. 
And I am sure everyone including myself will work on solving them (and
there are ways to do that--by writing an Internet-Draft, etc.).  
ASIDE: I am sure IRS would love to have the third issue resolved.  :-)

However, I think these problems are outside the scope of this mailing
list (PEM-DEV).  By these problems, I refer to the DN issues I
enumerated above.  Some of the problems you raise are very application
dependent.  Applications that you may be faced to develop or use at
GTE; applications that may not even use PEM.  This is because the
problems are inherent to asymmetric (public-key) cryptography.  PEM
does not claim to be a solution to all problems and it is best to leave
it at that.

p.s.
I have to be frank here.  I am skimming through any message that is
more than one page long.  However, if it is written correctly, I should
still be able to extract the key points.

_______________________________________________________________________
Alireza Bahreman                          E-Mail: bahreman(_at_)bellcore(_dot_)com
Bellcore, Room RRC-1K221                  Phone : +1 908 699 7398
444 Hoes Lane, Piscataway, NJ 08854       Fax   : +1 908 336 2943

