Paul:
Paul> In the absence of the IPRA database, a CA will need to properly
Paul> compare dnames to ensure uniqueness under the equivalence rules. Also,
Paul> during message processing a PEM implementation will be required to
Paul> properly retrieve/store certs from its local cache based upon the
Paul> originator/recipient-id fields. Since these fields should probably not
Paul> be assumed to be in canonical form, the implementation will be required
Paul> to canonicalize them.
This could be a VERY BAD IDEA if it becomes that local system's means of
generating, as well as matching, Dnames. A case in point exists today
with the byu.edu listserver. It forces all names to lower-case,
assuming that these will be legal DNS names. While that is guaranteed
to work for the CPU name (to the right of the at sign), it fails on the
local name and all mail I get from it is tossed into the bit bucket. I
must repeat that it is not up to some UA (or MTA) to decide on my behalf
exactly what my name really is. This is a matter for me to decide
(presuming that I can get a CA to accept my choice.)
Peace ..Tom
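The distinction the two messages turn on, canonicalizing a name in order to match it versus rewriting the name itself, can be shown in code. The following is an added example, not code from the thread or from any PEM implementation. It assumes mail addresses of the form local@domain, where only the domain part is DNS (case-insensitive) and the local part belongs to the receiving host; the names, domain and certificate bytes are constructed samples. The cache derives an equivalence key for lookup but stores and returns the name exactly as received; the relay function models the lower-casing behaviour complained about above and shows how it defeats delivery.

```python
"""Canonicalize names for matching only, never for rewriting them.

Added example, not from the original thread. Assumes local@domain
addresses: the domain is DNS (case-insensitive), the local part is
interpreted only by the receiving host.
"""


def split_address(addr):
    """Split local@domain on the last '@'; reject anything else."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a local@domain address: %r" % addr)
    return local, domain


def match_key(addr):
    """Equivalence key used ONLY for comparison.

    The DNS part is case-folded and a trailing dot dropped; the local
    part is kept verbatim because its meaning is the receiver's, not ours.
    """
    local, domain = split_address(addr)
    return (local, domain.lower().rstrip("."))


def same_mailbox(a, b):
    """True if the two addresses denote the same mailbox under the rules above."""
    return match_key(a) == match_key(b)


class NameIndexedCache:
    """Cert cache keyed by equivalence class; the name is stored as received."""

    def __init__(self):
        self._entries = {}

    def store(self, name, cert):
        # Index by the match key, but keep the original spelling alongside.
        self._entries[match_key(name)] = (name, cert)

    def lookup(self, name):
        """Return (stored_name, cert) or None; stored_name is untouched."""
        return self._entries.get(match_key(name))


def lowercase_relay(addr):
    """The behaviour the thread objects to: force the whole address to lower case."""
    return addr.lower()


def deliver(addr, mailboxes):
    """Receiving host: exact local part, case-insensitive domain; None if no match."""
    for mailbox in mailboxes:
        if same_mailbox(addr, mailbox):
            return mailbox
    return None


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    cache = NameIndexedCache()
    cache.store("Tom.Jones@Host.Example.EDU", b"<constructed cert bytes>")
    print(cache.lookup("Tom.Jones@host.example.edu"))  # found, name preserved
    print(cache.lookup("tom.jones@host.example.edu"))  # None: local part differs

    mailboxes = ["Tom.Jones@Host.Example.EDU"]
    rewritten = lowercase_relay("Tom.Jones@Host.Example.EDU")
    print(deliver(rewritten, mailboxes))  # None: the relay changed the local part
    print(deliver("Tom.Jones@HOST.EXAMPLE.EDU", mailboxes))  # delivered
```

The cache accepts any equivalent spelling of the domain on lookup, which is all Paul's processing step needs, while what it hands back (and what would be emitted in a header) is the name as the owner gave it. The relay, by contrast, feeds its folded spelling into the next hop as the name, and the receiving host, which alone decides what its local parts mean, no longer recognises it.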