On Tue, 15 Mar 1994, Jeff Thompson wrote:
> The Persona responder requires exactly one extra attribute, which must
> be a common name, beyond the OU=Persona Certificate. This is to
> prevent people from trying to stick in organization attributes that
> make it look (to unwitting users) that they work for that
> organization.
Reasonable I suppose. Would it be possible to at least allow the RM
attribute so that the e-mail address can be embedded in RSA's persona
certificates? If you're paranoid, you could automatically bounce
something with an RM attribute that doesn't match the From: or Reply-To:
lines. They're just as easy to forge of course, but it may help a bit.
Aside: don't think I'm giving up on my DC/RM version yet, Bob. :-) I
still think there's a need for it in addition to embedded addresses no
matter how many alternative names you come up with for me. :-)
Cheers,
Rhys.
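
The responder rule quoted above and the RM check proposed in the reply, written out as an added example (not the Persona responder's code and not part of either message). The function name, the (type, value) representation of the subject name and the sample mail are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

PERSONA_OU = ("OU", "Persona Certificate")

def check_persona_request(subject, raw_message):
    """Apply the policy to a subject name given as (type, value) pairs.

    Returns (accepted, reason). raw_message is the RFC 822 request mail.
    """
    attrs = [(t.upper(), v.strip()) for t, v in subject]
    if PERSONA_OU not in attrs:
        return False, "missing OU=Persona Certificate"
    extras = [a for a in attrs if a != PERSONA_OU]
    # Anything other than CN (and the proposed RM) is refused, so an
    # organization attribute cannot be slipped into a persona name.
    for attr_type, _ in extras:
        if attr_type not in ("CN", "RM"):
            return False, "attribute not allowed: " + attr_type
    names = [v for t, v in extras if t == "CN"]
    mailboxes = [v for t, v in extras if t == "RM"]
    if len(names) != 1 or len(mailboxes) > 1:
        return False, "need exactly one CN and at most one RM"
    if mailboxes:
        # Consistency check only: From: and Reply-To: are forgeable,
        # so a match does not authenticate the requester.
        msg = message_from_string(raw_message)
        headers = msg.get_all("From", []) + msg.get_all("Reply-To", [])
        senders = {addr.lower() for _, addr in getaddresses(headers) if addr}
        if mailboxes[0].lower() not in senders:
            return False, "RM does not match From: or Reply-To:"
    return True, "ok"

# Constructed sample request mail (not taken from the thread).
SAMPLE_MAIL = (
    "From: Alice Example <alice@example.org>\n"
    "Reply-To: alice@mail.example.net\n"
    "Subject: persona request\n"
    "\n"
    "(certification request body)\n"
)

if __name__ == "__main__":
    name = [PERSONA_OU, ("CN", "Alice Example"), ("RM", "alice@example.org")]
    print(check_persona_request(name, SAMPLE_MAIL))
```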