On Thu, 24 Feb 1994 jueneman%wotan(_at_)gte(_dot_)com wrote:
I would prefer that we NOT use O=Internet, OU=com, OU=GTE, for the implication
would be that GTE was an organization unit of the Internet Society, which it
clearly isn't.
Is "O=Internet" already registered for the Internet Society? If so, we
can always choose something else. All I wanted was some label to say
"the rest of this DN is an encoded Internet e-mail address". Such a
label is necessary IMHO so that smart UA's can recognise it and display
the Internet e-mail address in the usual fashion. Would you object to:
[C=US,] O=Internet, DC=com, DC=gte
where "DC" is the domainComponent OID?
Without commenting on the feasibility or wisdom of going down this path, if
this is what we decide to do we should probably create an attribute such as
networkID, and register it with an Internet OID. This would allow us to
specify Internet, Bitnet, X.400, AppleTalk, Novell, etc., etc.
By registering (or using an already registered) an EmailAddress attribute,
we would not have to decompose GTE.COM into separate organizational
units, nor would we have to use a separate attribute for the mailbox name.
This would then look like
networkID=Internet, EmailAddress="rrj0(_at_)GTE(_dot_)COM", CN="Robert R. Jueneman"
I still don't like this because it does not have the flexibility of my
proposal to extend to a DNS-based CA hierarchy. Give me even just one
good reason why such a CA hierarchy is a bad idea. "Terse names" as a
reason doesn't count, and "But, it isn't OSI's view of the universe" doesn't
count either.
I think that trying too hard to cram information into X.520 attributes that
were not intended for such purposes would be a serious mistake, and would end
up confusing everybody. It isn't THAT hard to create and register an attribute.
Given the existence of the DC attribute, we don't even need to register one.
Cheers,
Rhys.
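
How a user agent might recognise the two name forms discussed in this thread and recover the Internet name for display, as an added example that is not part of the original message. The DN string syntax, the function names, and the rule that every component after O=Internet must be a DC holding a single DNS label are assumptions; the sample names are constructed, and the mailbox attribute, which the thread does not name, is not handled.

```python
import re

# One "type=value" component; the value may be double-quoted (assumed syntax).
RDN = re.compile(r'\s*([A-Za-z][A-Za-z0-9]*)\s*=\s*(?:"([^"]*)"|([^,"]*?))\s*(?:,|$)')
# A single DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r'[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\Z')

def parse_dn(dn):
    """Split 'type=value, ...' into ordered (type, value) pairs, types lowercased."""
    rdns, pos = [], 0
    while pos < len(dn):
        m = RDN.match(dn, pos)
        if not m:
            raise ValueError(f"malformed DN at offset {pos}")
        value = m.group(2) if m.group(2) is not None else m.group(3)
        rdns.append((m.group(1).lower(), value))
        pos = m.end()
    return rdns

def internet_name(dn):
    """Return the domain or e-mail address the DN encodes, or None."""
    rdns = parse_dn(dn)
    # Form 1: O=Internet labels the rest of the DN as DC components, root first.
    if ("o", "Internet") in rdns:
        rest = rdns[rdns.index(("o", "Internet")) + 1:]
        labels = [v for t, v in rest if t == "dc"]
        # Accept only plain DNS labels, so a value such as "example.org"
        # or "a@b" cannot alter the name shown to the user.
        if not labels or len(labels) != len(rest):
            return None
        if not all(LABEL.match(v) for v in labels):
            return None
        return ".".join(reversed(labels)).lower()
    # Form 2: networkID names the network, EmailAddress holds the whole address.
    attrs = dict(rdns)
    if attrs.get("networkid") == "Internet" and "emailaddress" in attrs:
        return attrs["emailaddress"]
    return None

if __name__ == "__main__":
    # Constructed sample names in the two forms from the thread.
    print(internet_name('C=US, O=Internet, DC=com, DC=example'))
    print(internet_name('networkID=Internet, EmailAddress="user@example.com", CN="Test User"'))
```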