pem-dev

Re: CA Names

1994-01-28 01:46:00
I thought the whole reason for using the ASN.1 syntax notation
was to permit adding such features as painlessly as possible??

Bob,

I have been experimenting with X.500 since 88 -- in fact, followed the
development since 86. The assumption that one can painlessly introduce new
"attribute types" is just false: there is pain, and the pain has been obvious
since the very early experimentations. 

An attribute type is characterized by an "object identifier", i.e. a cryptic
binary string. Unless the interface program has some a priori knowledge of the
said type, the only thing it can do is to treat it as an "opaque" object, e.g.
display it as a binary string.

Using an "unknown" attribute type in the entry is bad enough: some DSA will bark
when chaining the responses. But using one such attribute in the names is a
serious recipe for failure. Most user interfaces will be unable to simply
compose the name; most servers will be unable to use this attribute for
comparison.

Christian Huitema
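The failure mode described in this message, as an added illustration that is not part of the original thread: a small directory-server model that knows CN, O and C (standard X.520 OIDs) with their case-ignoring matching rule, and meets an attribute type it knows only by OID. The OID 2.999.1 and the names are constructed for the example; DN parsing is simplified (no escaped commas, no multi-valued RDNs).

```python
import re
from typing import Dict, List, Tuple

# Assumed attribute-type registry of one server: OID -> (short name, matching rule).
# The OIDs for CN, O and C are the standard X.520 values.
KNOWN_TYPES: Dict[str, Tuple[str, str]] = {
    "2.5.4.3": ("CN", "caseIgnoreMatch"),
    "2.5.4.10": ("O", "caseIgnoreMatch"),
    "2.5.4.6": ("C", "caseIgnoreMatch"),
}
NAME_TO_OID = {name: oid for oid, (name, _) in KNOWN_TYPES.items()}
OID_RE = re.compile(r"^\d+(\.\d+)+$")


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'CN=x, O=y' into (type OID, value) pairs.

    A type the server has no a priori knowledge of is accepted only as a
    dotted OID; a symbolic name it does not know cannot be mapped at all.
    """
    rdns = []
    for rdn in dn.split(","):
        attr, value = rdn.split("=", 1)
        attr = attr.strip()
        if attr.upper() in NAME_TO_OID:
            oid = NAME_TO_OID[attr.upper()]
        elif OID_RE.match(attr):
            oid = attr  # known only as a cryptic identifier
        else:
            raise ValueError(f"cannot map attribute type {attr!r} to an OID")
        rdns.append((oid, value.strip()))
    return rdns


def normalize(oid: str, value: str) -> bytes:
    """Apply the type's matching rule; an unknown type stays opaque."""
    if oid in KNOWN_TYPES and KNOWN_TYPES[oid][1] == "caseIgnoreMatch":
        return " ".join(value.split()).lower().encode()
    return value.encode()  # opaque: byte-for-byte comparison only


def dn_equal(a: str, b: str) -> bool:
    """Name comparison as the server would do it, RDN by RDN."""
    ra, rb = parse_dn(a), parse_dn(b)
    return len(ra) == len(rb) and all(
        oa == ob and normalize(oa, va) == normalize(ob, vb)
        for (oa, va), (ob, vb) in zip(ra, rb))


def opaque_types(dn: str) -> List[str]:
    """OIDs in the name that this server could only show as raw strings."""
    return [oid for oid, _ in parse_dn(dn) if oid not in KNOWN_TYPES]
```

With only known types, "CN=Christian Huitema, O=INRIA, C=FR" and "cn=christian huitema,o=inria,c=fr" compare equal; append "2.999.1=Research Group" to one and "2.999.1=research group" to the other and the server must report them as different names.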
