Bob> NEITHER X.509, NOR X.520, NOR X.500 ITSELF CONSTRAIN THE SCHEMA
THAT IS TO BE USED FOR REPRESENTING THE DN.
X.509 defines BER, it is X.521 that has selected objects .. but this is
just details, the X.500 directory is defined by the totality of the
X.5xx documents, is it not? And the ITU expects to have authority for
these objects, does it not? This is the crux of the problem.
- -
Bob> ...It is even conceivable, but perhaps somewhat less likely, that
the IETF could petition the ITU and create a name registration authority
directly under the ITU root (with no Country=).
SWIFT creates "names" for banks, IATA creates "names" for airlines, DEA
creates "names" for drug dealers, D&B creates "names" for businesses,
and I create names for my children. These organization are the final
authority on what constitutes a name for the entity. Let us just
recognize reality.
- -
Bob> Nobody has to _create_ a name for anyone. People and organizations
already _have_ names, which they were assigned by the individuals who
created them (parents or sponsors).
Excuse me, but it seems to me that most of your postings seem to be
directed towards finding a structure to build a DN. Now this structure
is not likely to be the structure that I use for my name. So I would
therefore need to have some authority create a name for me (a DN.) Or
do you deny that a DN is a name? (By the way I stated about a year ago
that IMHO the DN was not, in fact, a name at all.)
- -
Bob> So we already have the ability to use the scheme that you describe,
depending on whether the naming authority has registered with ANSI or
with the ITU.
Right, but we have that ability with or with out the X.5xx
recommendations.
- -
Bob> 1. Have the IETF (the IANA) decide precisely which attributes must
be supported in a core set, and let unfettered, snarling,
free-enterprise determine the rest.
But why give them a job for which they are obviously ill-suited?
- -
Bob> 2. Adopt a technical solution along the lines of self-describing
objects, where the presentation syntax and semantics for each attribute
are themselves described in a selfDescribingAttribute type.
Or --- just let the naming authority establish its own syntax, which
may, or may not, have any meaning or structure whatsoever!
Naming and the syntax of names is best left to the people who do for a
living. Lets not imagine that this group, or any such group constituted
now, or in the future, will ever have the last word on how this is to be
done. Sure, all of the programmers of the world would love it if the
systems design were completed prior to the code and that there would
never be any changes. This is not realistic. It does not work now. It
will not work in the future.
Peace ..Tom