What if I didn't know that Judge Bork was a professor at Yale or a
resident of New Haven ? An authenticated X.500 name that had these
attributes in it would not mean anything to me.
I need to be able to equate the name in a certificate with the name
that I am most familiar with. Perhape I would appreciate X.500 names
in certficates more when the New York Times starts using X.500 DNs to
identify the people in its articles.
What I need are attribute certificates that securely map a DN to the
principal's alternate names, be they e-mail names or descriptive
textual attributes, or Bob's MPEG video. I would like these
certificates to be notarized by possibly different Attribute CAs,
because each A-CA would have authority over only some name spaces.
Given this, I can map a X.500 name into a name that I can recognize and
accept. A dream User-Agent would play the MPEG video on my screen
while I read my PEM message from Judge Bork.
-raj