Actually, the use of a DN instead of a URL is a much better approach.
Let me start by saying that Donald's remarks are, as usual, right on target.
I only have a couple of additional points to make.
1) URL's are relative ... it depends on what the web server name resolves to.
True, but so what? The issues with secured URLs are that they remain resolvable
for long periods and that the material they resolve to does not change.
Neither of these factors is necessarily affected by DNS resolution pointing at
multiple servers. In fact I'd argue that having multiple servers for a given
URL increases the chances of it being resolvable for long periods of time. And
the effect on stability of content is probably negligible.
And as far as DNs go, haven't you heard of X.500 replication and distribution
services? These services in effect give DNs the same general characteristic of
being serviced by multiple servers. There is no guarantee that X.500 servers
are going to be any more consistent (in my experience they are often quite
inconsistent) than the DNS or different web servers are. And as far as
stability goes, present-day X.500 services are a joke -- they are both
wildly inconsistent and semifunctional at best.
2) the move over the next few years will be toward URN's. These are
independent of DNS resolvers. They provide location and replication
transparency (among other things).
The goal of having replication and transparency here stands in direct
contradiction to your first issue.
3) the more general of a URI capability that is supported, the less
constrained we are to the technology.
Donald is right, this is a tautology.
Ned