It sounds like we're putting in lots of options so we can pick and choose
which we utilize in our applications, but Jim Galvin says:
No! Absolutely not! We are putting in lots of options so that *users* can pick
and choose the things that they want. This says nada about implementations. I
have no problem with *implementing* certs, my only problem is the expectation
that users must set them up before they can do anything with PEM.
Even though you (Ned) have as much trouble with X.509 certs and
distinguished names as you have recently explained, you have to
implement them anyway. (I assume that's why we're still discussing
things: everyone doesn't want to implement everything that someone
else thought would be neat to see in the standard, so we're trying to
settle it down.) How are you planning to implement distinguished
names and X.509, although you don't want to, given that you must
"implement everything in the specification"?
I've already implemented them (or more accurately, they have been implemented
for me, and they appear to work). I have no problem with this. However, just
because I have them available doesn't mean I can use them in an
RFC1422-compliant fashion.
Ned