Steve,
As usual, you hit the nail on the head on almost all of your points,
bending the nail on only ce or twice. :-)
I'm sorry that I won't be able to attend the meeting in Seattle --
I always did enjoy a good fireworks show! Instead, I will
submit a couple of brief messages on individual
topics, rather than one long reply, and will hope that you will
give appropriate consideration to them.
I hope that the WG will be able to come to some sort of definitive
agreement regarding the issue of DNs, for I believe this is the single
most important issue to be resolved. I've said enough on this
issue, and agree with your position -- civil names are a necessary
component if we are to make nonrepudiation work at all. Otherwise,
we might just as well use RIPEM or PGP, and those people who just
can't solve their internal problems any other way should perhaps
give further consideration to either of those two schemes.
That is not to say that e-mail names and other identity-descriptive
names do not deserve being included in a certificate as an optional,
non-distinguished attribute. I think they do, and will submit a specific
proposal in a separate message.
The second-most important issue, I believe, is to begin to think about
how we should go about harmonizing PEM and PKCS, especially the
Apple AOCE.It is certainly unfortunate that these two standards
evolved in parallel, but I understand why they did. Now, once the
dust has settled, we collectively need to bring the two different schemes
together to ensure interoperability. Obviously this should be a no-fault
process -- an attitude of "I'm right, you're wrong" on the part of either
camp will not be productive.
For better or for worse, however, I believe the Internet community
should not ignore the very significant number of users of AOCE.
I'm sure that Apple would be willing to be accommodating in their
next release if a well-thought out compromise position were defined,
and so far there are not so many PEM implementations in the field
that we have to worry too much about impacting the PEM community
significantly.
Regards,
Bob