pem-dev

[no subject]

1993-11-16 15:55:00
Steve,

I see that you've been catching up on your mail. 
I've been away for a week myself, and want to go over your 
replies carefully. I didn't want you to think I was ignoring you --
someone might think I had died! :-)

I did have an interesting talk with Hoyt Kesterson, the rapporteur
for X.500 and the chair of X.509, regarding the general subject of
roles and directory search strategies. We discussed the general
problem of what kind of information should be in the Distinguished Name
as opposed to being generic attributes contained in the Directory per se.

We agreed that there will certainly be attributes that will be
important, but which the directory service provider would not be in a
position to vouch for (regardless of whether or not someone would 
trust the directory service provider.) Some of these attributes should
probably be signed by the CA. But that does not necessarily imply
that those attributes should be placed in the DN, which at present is
the only place that a CA can sign anything. I suggested adding
additional optional attributes to the X.509 certificate to contain
those attributes which are important but are not necessary as part
of the search criteria and therefore may not deserve to be in the DN.

It is clear that no substantive change is to be made to X.509 this year,
but maybe in the '94-'95 timeframe. So we will have an opportunity
to gain meaningful experience and to propose changes based on that 
experience. In the meantime, I expect that we will see some of the 
strangest DNs as the community comes to grips with this problem.

BTW, one of my guys attended the last NADF meeting -- the first one 
we had been to. As I understand it, they are about to start considering
EDI types of applications for their next project, as a step towards some
kind of a Yellow Pages pilot. Already, questions about roles and the 
adequacy of X.509 for such purposes are beginning to arise. I used to
think that it was my fault for not understanding some of these issues more 
clearly, but now I think we surfaced many issues that the rest of the community
is just about to start wrestling with.


but

  • [no subject], jueneman%wotan <=