Peter,
First of all, let me apologize for confusing you with Peter Churchyard,
and second for not replying to your message before now.
Frankly, I am still trying to figure out what you said, and whether I
agree with you or not. Your messages sometimes seem like the
perfect example of Churchill's "Two peoples separated by a common
language."
I am happy to say that Steve Kent, Hoyt Kesterson, Sead Muftic,
and I were at the recent ABA workshop on Notarization and
Nonrepudiation, and worked together with several of the lawyers
on trying to understand some of the naming issues from both a
technological and a legal basis. In doing so, we tried to work through
a number of the harder types of issues, involving corporations such as
GTE that are in effect holding companies, multinational organizations
such as Groupe Bull and Bull HN, multiple-locations organizations,
Doing Business As companies, franchise operations, etc.
In this process we tried to consider the following:
1. What information should the PCA and/or the CA collect about
the subject, if only to protect itself by showing due diligence.
2. What information should be in the DN that is included in the X.509
certificate, and what information, if any (Steve says none, I say
maybe a little, but I'm willing to bend) should be included in the
signed certificate in an optional attribute field (assuming X.509-1/2).
3. What information should be in the DN of the X.500 entry which
contains the (one or more) X.509 certificate as a value entry.
4. What information should be normally included in a more user-friendly
alias, for yellow pages and browsing access, and for business card
e-mail addresses.
I believe we reached a reasonable consensus on these issues for names
that are strictly used for identification, including CA names. We ran out of
time on the issue of role names and implied agency or authorization, and didn't
address the issue of an explicit authorization or capability-granting
certificate at all. Nor did we have time to address the issue of negative
CRLs vs. positive Certificate Validation Certificates (to make up a name for the
concept that Sead and I have been batting around.)
However, what I think I understood us all to agree to may be different from
what the others heard, and we may come up with additional examples and/or
second thoughts. I volunteered to be the scribe, since I also accepted
the responsibility for the naming section in the ABA document/book/encyclopedia
that we are commencing, so I will exchange drafts with the other three
for their comments before posting them on PEM.
In the meantime, I will try to at least comprehend what you are saying, and
try to decide whether we are in violent agreement or not. If you have any
further thoughts or comments, please pass them on.
Bob