pem-dev

Re: Re: DNs (Re: Corporate Identity and Authorization)

1993-09-24 05:00:00
However, I think these problems are outside the scope of this mailing
list (PEM-DEV).  By these problems, I refer to the DN issues I
enumerated above.  Some of the problems you raise are very application
dependent.  Applications that you may be faced to develop or use at
GTE; applications that may not even use PEM.  This is because the
problems are inherent to asymmetric (public-key) cryptography.  PEM
does not claim to be a solution to all problems and it is best to leave
it at that.

I agree that many, perhaps most, of the DN names problems are generic
to public key cryptography, particularly those systems (all that I am aware of)
that have embraced the use of the X.509 certificate. And I apologize to those
who have waded through my often too-lengthy messages. 

I would be more than happy to move these discussions to another forum,
if there were one where the people were as knowledgeable about the various
issues as we find on pem-dev.

But at present, my focus IS on PEM. Other applications may and probably will
come. But unless I am totally crazy, the issue of how to distribute CRLs to
PEM UAs is not well architected, much less universally well implemented.
And the question of how to limit the user's and the organization's liability
appropriately is an almost show-stopping issue with the various corporate
lawyers I have spoken with in trying to implement PEM within my organization.

I'm not trying to solve all the world's problems, just these two. But wishing
won't make them go away. And if PEM can't solve these problems using
the tools that are available, then, IMHO, either the tools will have to
be improved or PEM will not live up to what I believe and hope will be
its true potential.

I'm willing to try to help solve these problems by writing Internet drafts, if
that's what it takes, but so far I don't sense a common understanding of the problem,
much less any agreement about the solution.
