pem-dev

FYI

1994-02-22 16:09:00

2. The issuer (CA) field of a PKC needn't correspond to an entry in the
   DIT.  However, this may be useful as that entry might contain an
   objectClass attribute value of certificationAuthority, which indicates
   that the CA's entry contains information such as a PKC revocation
   list.

isn't strong enough.  The "useful"ness of a one to one mapping
of DNs not only allows one to extract the CRL but to extract
the issuer's certificate and so recursively along the chain.
This is true for _every_ application which uses certificates
that I am aware of.

Let's not forget that "polyinstantiation" (I love that term) of a CA
in different hierarchies may lead to a "many to one" mapping of DIT
names and certificates.

Otherwise, I think we're in full agreement.  Let's take this as an
invitation to actively define such a relationship from the PEM
perspective.

-Steve
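
The directory walk discussed in this message, as an added example that is not part of the original post or of any PEM implementation: a certificate's issuer DN is looked up in a constructed DIT to fetch the CRL and the issuer's own certificates, recursively, with one CA name holding certificates from two hierarchies. The `Cert`, `Entry` and `find_chains` names and all sample DNs and serials are assumptions, and signature verification is left out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    subject: str   # DN of the key holder
    issuer: str    # DN of the CA that signed it
    serial: int

@dataclass
class Entry:
    """Constructed stand-in for a CA's entry in the DIT."""
    ca_certs: list = field(default_factory=list)  # certificates issued *to* this DN
    crl: set = field(default_factory=set)         # serials this CA has revoked

def find_chains(cert, dit, roots, seen=frozenset()):
    """Return every chain [cert, ..., top] reachable by issuer-DN lookup.

    Only the naming walk is modelled; signatures are not checked.
    """
    entry = dit.get(cert.issuer)
    if entry is None or cert.issuer in seen:
        return []            # issuer DN has no entry (or loops): no CRL, no parent
    if cert.serial in entry.crl:
        return []            # revoked by this issuer
    if cert.issuer in roots:
        return [[cert]]      # issuer key is trusted locally; the walk ends here
    chains = []
    for parent in entry.ca_certs:   # several certificates may share one DN
        for tail in find_chains(parent, dit, roots, seen | {cert.issuer}):
            chains.append([cert] + tail)
    return chains

# Constructed sample: "CN=Dept CA" is certified in two hierarchies.
ROOT_A, ROOT_B, DEPT = "CN=Root A", "CN=Root B", "CN=Dept CA"
DEPT_UNDER_A = Cert(DEPT, ROOT_A, 11)
DEPT_UNDER_B = Cert(DEPT, ROOT_B, 12)
USER = Cert("CN=Alice", DEPT, 501)
ORPHAN = Cert("CN=Bob", "CN=Unlisted CA", 7)   # issuer has no DIT entry

DIT = {
    ROOT_A: Entry(),
    ROOT_B: Entry(crl={12}),                      # Root B revoked its Dept CA cert
    DEPT: Entry(ca_certs=[DEPT_UNDER_A, DEPT_UNDER_B]),
}

if __name__ == "__main__":
    for chain in find_chains(USER, DIT, {ROOT_A, ROOT_B}):
        print(" <- ".join(f"{c.subject} (issuer {c.issuer})" for c in chain))
    print(find_chains(ORPHAN, DIT, {ROOT_A, ROOT_B}))
```

A certificate whose issuer DN has no entry yields no chain at all, since neither the CRL nor the parent certificate can be fetched by name.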



