>From: Marshall Rose <mrose(_at_)us(_dot_)ca(_dot_)mtview(_dot_)dbc>
>Subject: Re: PEM-DEV message to you, resent
>Date: Fri, 04 Feb 1994 21:07:02 -0800
>I'm sorry, but I didn't follow your message. What specifically is your
>question and can you give an example with it?
>
>/mtr
Let's ignore X.500 directory access and service issues, considering only
SD-5 naming architecture issues as relevant to the PEM-constrained version
of the X.509 certificate. This architecture is suggested strongly in
RFC 1422 as one means of simply, and harmoniously, practising the naming
of individuals and organizations.
The issue is to decide whether a proposed new attribute type suggested
by Warwick Ford may be used as part of an RDN in PEM certificate naming
fields. If not, then the objective of introducing that attribute type
cannot be achieved by the mechanism of adding to the list of
permissible RDN attribute types.
1.
Under the use of the NADF naming architecture by PEM, would you
personally interpret PEM certificate issuance procedures, when used in
a naming domain operating according to the principles of SD-5, as requiring that
the ONLY PEM-legitimate DN value for the certificate's subject or
issuer field be a "civil name", obtained by applying the NADF algorithm
for exploiting existing civil naming infrastructures?
2.
Or can it be that any DN at which the entity might choose to
list itself under the NADF naming architecture may be sensibly used?
3.
If 2, and the listing took place at a point within the
DMD of an NADF ADMD, can the RDN be composed of a private,
domain-defined attribute type?
Under the current NADF naming architecture and PEM RFCs, I can see only
case 3 as facilitating the proposal of Warwick Ford to add an attribute
type to the naming architecture suggested for use in the naming domains
which opt to adopt the NADF-suggested naming principles. If 3 is false,
then for the proposal to go ahead, either the NADF naming architecture
must change, or else PEM operations must deviate from that naming
architecture.
4.
Are the above decision criteria and possible outcomes rational, or have
I missed something obvious?
My conclusion.
If 3 is false, and NADF naming principles are maintained as they are
currently specified, and PEM continues to suggest their use, then the
proposal of Warwick must be rejected because of its inherent conflict with
already agreed naming procedures reasonably expected to be used by
large numbers of PEM users, for which supporting consensus has
already been long established, and which do not prejudice
non-NADF-principled naming domains.
Alternatively, Warwick's proposal requires the scenario presented in
case 3, for CAs operating in the US and CA. I have no idea whether an
issuer name operating under such a constraint would still achieve his
original goal!
Thanks for the willingness to help.