and sites that register users with PEM can *mandate* that the Common Name
component include the e-mail address of the registered user, i.e., for
myself I would like the string:
Jeffrey V. Cook <jvc(_at_)la(_dot_)tis(_dot_)com>
as my Common Name.

I'm not sure about the reaction to a mandate from sites which are already
using PEM and X.500, or PEM with other messaging systems besides RFC 822.
Would they need to create duplicate entries and/or aliases for each address?

This string looks just like an e-mail signature, lends itself easily to
automated processing, and uniquely identifies me.
A relative distinguished name containing these attribute value assertions:
a commonName attribute with the user's full name ("Mark Wahl"),
a uniqueIdentifier attribute in case of re-use of common name & mailbox,
an addressing attribute, such as rfc822mailbox, janetMailbox, otherMailbox
(see RFC 1274) or mhsORAddress (X.400)
looks similar to this, uniquely identifies the recipient user and strongly
types the e-mail address.
By removing the common name attribute from this, the subject entry being
certified is a "mailbox", which may be appropriate for certain low-assurance
uses. Mapping rules of RFC 1279 or MHS-DS can then be used to
semi-mechanically determine DNs.
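As an added example (not part of this message, and not code from any PEM or X.500 implementation), the following Python builds the relative distinguished name proposed above, one RDN carrying commonName + uniqueIdentifier + rfc822Mailbox, plus the commonName-less "mailbox" variant, and encodes each as an RFC 4514 string and as DER. The attribute type OIDs are X.520's commonName, organizationName and countryName and RFC 1274's uniqueIdentifier and rfc822Mailbox; the organisation, mailbox and identifier values are constructed samples, and values are encoded as UTF8String, a later choice than PEM's but one that keeps the example self-contained. The point it makes concrete is that the address is strongly typed: its attribute type OID travels with it in the encoding, so a verifier can tell an rfc822Mailbox from free text inside a CN.

```python
"""Encode the multi-valued RDN (CN + uniqueIdentifier + rfc822Mailbox) as an
RFC 4514 string and as DER, with no third-party libraries.  Added example;
all sample values are constructed."""
from typing import List, Tuple

# Attribute type OIDs: X.520 for CN/O/C, RFC 1274 (also RFC 4519) for the pilot types.
CN = "2.5.4.3"
O = "2.5.4.10"
C = "2.5.4.6"
UNIQUE_ID = "0.9.2342.19200300.100.1.44"      # uniqueIdentifier
RFC822_MAILBOX = "0.9.2342.19200300.100.1.3"  # rfc822Mailbox
SHORT_NAME = {CN: "CN", O: "O", C: "C", UNIQUE_ID: "uniqueIdentifier", RFC822_MAILBOX: "mail"}

AVA = Tuple[str, str]   # (attribute type OID, value)
RDN = List[AVA]         # a set of one or more AVAs
Name = List[RDN]        # root first, the order DER uses


def _der_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(body)) + body


def encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def encode_name(name: Name) -> bytes:
    """Name ::= SEQUENCE OF RDN; RDN ::= SET OF AVA; AVA ::= SEQUENCE {type, value}.
    DER orders the members of a SET OF by their encodings (X.690 11.6)."""
    rdns = b""
    for rdn in name:
        avas = sorted(_tlv(0x30, encode_oid(t) + _tlv(0x0C, v.encode("utf-8"))) for t, v in rdn)
        rdns += _tlv(0x31, b"".join(avas))
    return _tlv(0x30, rdns)


def _read_tlv(buf: bytes, pos: int):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n


def decode_oid(body: bytes) -> str:
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def decode_name(der: bytes) -> Name:
    """Inverse of encode_name; AVAs come back in DER (sorted) order."""
    _, seq, _ = _read_tlv(der, 0)
    name, pos = [], 0
    while pos < len(seq):
        _, rdn_body, pos = _read_tlv(seq, pos)
        rdn, p = [], 0
        while p < len(rdn_body):
            _, ava, p = _read_tlv(rdn_body, p)
            _, oid, q = _read_tlv(ava, 0)
            _, val, _ = _read_tlv(ava, q)
            rdn.append((decode_oid(oid), val.decode("utf-8")))
        name.append(rdn)
    return name


def _escape(value: str) -> str:
    """RFC 4514 escaping of the characters that would otherwise split the string."""
    out = "".join("\\" + ch if ch in ',+"\\<>;' else ch for ch in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def rfc4514_string(name: Name) -> str:
    """Leaf RDN first; AVAs of one multi-valued RDN are joined with '+'."""
    return ",".join("+".join(f"{SHORT_NAME.get(t, t)}={_escape(v)}" for t, v in rdn)
                    for rdn in reversed(name))


def user_entry(common_name: str, unique_id: str, mailbox: str, org: str, country: str) -> Name:
    """The RDN the reply proposes: CN, uniqueIdentifier and rfc822Mailbox in one RDN."""
    return [[(C, country)], [(O, org)],
            [(CN, common_name), (UNIQUE_ID, unique_id), (RFC822_MAILBOX, mailbox)]]


def mailbox_entry(unique_id: str, mailbox: str, org: str, country: str) -> Name:
    """Same entry without commonName: the subject being certified is just a mailbox."""
    return [[(C, country)], [(O, org)], [(UNIQUE_ID, unique_id), (RFC822_MAILBOX, mailbox)]]


if __name__ == "__main__":
    n = user_entry("Mark Wahl", "1", "mwahl@example.ac.uk", "Example University", "GB")
    print(rfc4514_string(n))
    print(encode_name(n).hex())
    print(rfc4514_string(mailbox_entry("1", "mwahl@example.ac.uk", "Example University", "GB")))
```

Running it prints the RDN string with the three attributes joined by `+`, then the DER hex, then the mailbox-only form; `decode_name(encode_name(n))` recovers the same attribute set, which is the check a relying party would do on a certificate's subject before trusting the mailbox value in it.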
-------------------------------------
Mark Wahl; M(_dot_)Wahl(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk; Univ. Coll. London