pem-dev

Re: PEM and the NADF (Was: FYI)

1994-02-22 23:28:00
Let me comment on one aspect of this, naming.

SD-5 is very specific in one thing: once you cross from the shared DIT
domain to an organizational DIT domain (e.g., { c=US, o=XYZ }), then the
NADF doesn't care how you organize that subtree.  The NADF does not
care what object classes you use, what RDNs you use, etc.  If XYZ is
assigning X.509 PKC's to its employees and it wants the name fields in
the PKCs to match up with DNs in the DIT, then all it has to do is use
DNs which are subordinate to { c=US, o=XYZ }.

Bob raised a very good point:

    CAs are about registrations -- binding a name to an entity

    Directories are about listings -- publicizing names

The purpose of my message is to separate these two different
mythologies.

/mtr
