pem-dev

Are X.500 names feasible?

1994-02-03 19:14:00
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-ID-Asymmetric: MFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDE
 kMCIGA1UEChMbVHJ1c3RlZCBJbmZvcm1hdGlvbiBTeXN0ZW1zMREwDwYDVQQLEwh
 HbGVud29vZA==,03
MIC-Info: RSA-MD5,RSA,J6tn1R723rn6oOukG0uvbhCnavKAr27USL/sfQzOOzP
 Usx6vDEqKSUVcvfOkC+FQ7rjpn072zusH73gwWAqNnAI2AxOn8IO6ow7ADYwq7d0
 rxQh6bQ68cg8C1wGnz2Jt

The attached exchange between anish@ctt.bellcore.com and
Jueneman@gte.com is focused on the handling of nicknames.  However,
the underlying assumption is that email addresses are the basic form
of identity used in the Internet.

In my view, the introduction of X.500 distinguished names has been a
very troublesome venture, and I see no evidence that things will get
better.  Quite a lot has to happen before X.500 names are genuinely
useful as the basis for identity on the net.

Given the very serious difficulties of deploying PEM using X.500
distinguished names, perhaps it's time to ask the question directly.
Do we want to shift over toward using email addresses in place of the
current regime of distinguished names?

If we want to shift over toward using email names, then certificates
would bind email addresses to keys.  There might exist directories
that map email addresses to more detailed information, but the email
address would be the principal handle by which keys would be
associated with people.


Steve


You seem to want to tie a certificate to an e-mail address, whereas
I would prefer to tie BOTH to a locally-known name or nickname, 
regardless of how it gets delivered (i.e., to which one of several 
possible mail boxes.)

I agree totally with this point. However, I believe it would be the 
responsibility of the user agent to handle nickname-to-emailname aliasing. 
The responder should only have to know email addresses, since that's the 
generally accepted name scheme used in the mail world. Nicknames should be 
defined locally - can you imagine how large an alias file would get if a 
repository had to keep local aliases for all potential users?

You'd still be able to use your nicknames, but they would have to be 
resolved into email names at the UA, the same way that email-to-DN mapping 
would have to be resolved prior to accessing the certificate.
-----END PRIVACY-ENHANCED MESSAGE-----
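
Added example, not part of the message above or of any PEM implementation: it decodes the X.500 Name that the message's own Originator-ID-Asymmetric header carries (per RFC 1421 that field is the base64 DER encoding of the issuing CA's Name, a comma, and the certificate serial number), then models the resolution path the reply proposes: nickname to email address locally at the user agent, email address to distinguished name only at the point where a certificate would be fetched. The alias table, the directory table and every address and DN in them are constructed for the example; `parse_der_name`, `parse_originator_id` and `resolve_recipient` are names chosen here.

```python
# Added example (not from the original message): decode the X.500 Name in the
# page's Originator-ID-Asymmetric header, then resolve a recipient handle the
# way the reply above proposes (nickname -> email at the UA, email -> DN last).
import base64
import re

# Copied from the PEM header of the message above, continuation lines joined.
# RFC 1421: base64(DER Issuer Name) "," certificate serial number.
ORIGINATOR_ID_ASYMMETRIC = (
    "MFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDE"
    "kMCIGA1UEChMbVHJ1c3RlZCBJbmZvcm1hdGlvbiBTeXN0ZW1zMREwDwYDVQQLEwh"
    "HbGVud29vZA==,03"
)

# X.520 attribute-type OIDs that commonly appear in X.500 names.
ATTR_NAMES = {
    "2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST",
    "2.5.4.10": "O", "2.5.4.11": "OU",
}


def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(raw):
    """Decode the body of a DER OBJECT IDENTIFIER into dotted notation."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of a base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_der_name(der):
    """Parse an X.501 Name (SEQUENCE OF SET OF SEQUENCE {type, value}) into [(type, value)].
    Single-valued RDNs only, which is all this header uses."""
    tag, body, _ = _tlv(der, 0)
    assert tag == 0x30, "Name must be a SEQUENCE"
    rdns, pos = [], 0
    while pos < len(body):
        tag, rdn, pos = _tlv(body, pos)    # RelativeDistinguishedName (SET)
        assert tag == 0x31, "RDN must be a SET"
        _, atv, _ = _tlv(rdn, 0)           # AttributeTypeAndValue (SEQUENCE)
        tag, oid, p = _tlv(atv, 0)
        assert tag == 0x06, "attribute type must be an OID"
        _, val, _ = _tlv(atv, p)           # PrintableString body in this header
        dotted = _decode_oid(oid)
        rdns.append((ATTR_NAMES.get(dotted, dotted), val.decode("latin-1")))
    return rdns


def parse_originator_id(field):
    """Split an RFC 1421 Originator-ID-Asymmetric value into (issuer DN string, serial)."""
    name_b64, serial = field.rsplit(",", 1)
    rdns = parse_der_name(base64.b64decode(name_b64))
    return ", ".join(f"{t}={v}" for t, v in rdns), serial


# Constructed tables (hypothetical names, RFC 2606 example domains):
# LOCAL_ALIASES stands in for the user agent's alias file, DIRECTORY for the
# email-address-to-DN mapping consulted just before a certificate is fetched.
LOCAL_ALIASES = {"alice": "alice@example.org", "bobj": "bob@example.com"}
DIRECTORY = {
    "alice@example.org": "C=US, O=Example Org, CN=Alice",
    "bob@example.com": "C=US, O=Example Com, CN=Bob",
}


def resolve_recipient(handle, aliases=LOCAL_ALIASES, directory=DIRECTORY):
    """Resolve what the user typed to (email, DN-or-None).
    Nicknames are expanded locally; a full address passes through unchanged, so a
    remote responder only ever sees email addresses. The DN lookup is the final
    step and yields None when the directory has no entry for the address."""
    email = aliases.get(handle, handle)
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", email):
        raise ValueError(f"unresolvable recipient: {handle!r}")
    return email, directory.get(email)


if __name__ == "__main__":
    print(parse_originator_id(ORIGINATOR_ID_ASYMMETRIC))
    print(resolve_recipient("alice"))
    print(resolve_recipient("carol@example.net"))
```

Running it prints the DN the header encodes, `C=US, ST=MD, O=Trusted Information Systems, OU=Glenwood` with serial `03`; since the field names the issuer, that DN identifies the certifying authority rather than the sender, which is exactly the kind of indirection the message complains about. The third call returns a `None` DN: the address is perfectly usable as a mail handle, yet no certificate can be located for it, which is the gap between "email address as identity" and "email address resolvable to a DN" that both sides of the exchange are arguing about.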
