Christian,
In working my way slowly through hundreds of pem-dev messages,
I note what seems to be an odd theme to several of your messages. You
have criticitized several suggestions for name structure choices based
on possible conflicts with existing X.500 DSAs. For example, you
criticized Warrick Ford's suggestion for introducing a new
distinguished attribute to identify CAs and PCAs because it might not
be easy to add a new distinguished attribute to some existing DSAs.
In the message I am responding to now, you suggested that O=Internet
was a bad choice because it would face opposition to registration at
the top level as an organization. These are all reasonable comments
from someone who is genuinely concerned about conflcits with the
existing or future X.500 directory system. However, you also have
taken a very strong position against the whole viability of X.500 in
several meetings in which we were both present, arguing that the
geopolitical naming and directory structure was doomed. I do not knwo
how to reconcile your criticism of specific suggestions based on X.500
details, while at the same time you argue that X.500 is a waste of
time anyway. If you believe that X.500 is doomed, then it seems
inconsistent to use arguments about limitations of existing X.500 DSAs
or about X.500 dogma to criticize any other proposed suggestions. If
you want to create a new certificate format, why bother maintaining
any semblence of fidelity to the existing one? We have an American
saying that "close doesn't count, excpet in horseshoes." From the
standpoint of compatability for interoperability, this aohorism rings
espeically true.
Steve