Bob writes:
I'm just trying to point out that there are many attributes that might
normally be contained in the directory that would be nice to have available
in a PEM-only context, and that regardless of the context it would be nice
to allow the CA to sign those attributes (such as employer's name and postal
address) without requiring everything to go into the DN.

You do realize that by adding to the information that the CA has to
sign, you are making its life more difficult since it now has to
verify the validity of all the additional information? Does the CA
even have the authority to verify all that information?
Also, what if that information changes? Do I need to get another
certificate signed by the CA every time my office room number changes?
_______________________________________________________________________
Alireza Bahreman E-Mail: bahreman(_at_)bellcore(_dot_)com
Bellcore, Room RRC-1K221 Phone : +1 908 699 7398
444 Hoes Lane, Piscataway, NJ 08854 Fax : +1 908 336 2943