Warwick:
I find many parts of your suggestion attractive, but we must find a way to
implement it without using a new attribute as part of the distinquished name.
Could you please expand on your strong opposition to the new attribute
proposal. X.500 was designed with a goal of straightforward
extensibility re adding attributes and, as I understand it, this has
been achieved with respect to chaining DSAs. There is certainly an
impact on DUAs which need to recognize the attributes, but it is not
obvious to me that we have a real problem in the CA-name case. Is your
concern something fundamental with X.500, or is it that some particular
implementation(s) might break?
My concerns is simply theone voice by Mike Roe, in practice the intoduction of
new attribute types has been shown to be difficult. If you can show a counter
example, then I might withdraw my objection. If we can show that the new
attribute will not seriously break existing DSAs or DUAs, then I really like
your suggestion.
Russ