One of these days I'll learn to discuss religious issues in Sunday School,
where everyone is the same religion.
I don't disagree in general with your remarks, especial your practical
observations. And having been a member of the NADF for several years, I'm
quite disappointed that X.500 hasn't made a bettter showing for itself.
I was really just expressing a preference for call-by-name rather than
call-by-value as way of specifying things.
As for your example, it happens to be a perfect illustration of how these
things can go wrong. You gave a DN of the form C=US, o=whatever, ... Looks
reasonable, right? Trouble is, you're not allowed to register as an
organization under C=US without some sort of special national standing.
Organizational entries are properly made one level down, under the various
state registries. So, for most companies, it ends up as something like c=US,
st=CA, o=Certificates R Us, etc.
Just to clarify a nit -- the special national standing is really quite easy
to arrange, and probably worthwhile doing if your lawyers care about
protecting your corporate name. The registration process consists of sending
in an application to ANSI, along with a fee of around $2500 as I recall. You
can ask for either an OID or an OID plus a name. ANSI publishes your chosen
name in a standards bulletin for two or three months, and if no one complains
it is yours. Its a bit expensive and takes a while, but it's painless and
well worth doing if you think you might need to create a private X.509
attribute, for example.
In contrast, the procedures for registering a name at the state level are
quite arbitrary, and vary from state to state. Sometimes the states allow you
to register a name with them as a "foreign" (out-of-state) corporation, and
sometimes not. The semantics are particularly confusing -- duplication of
names may or may not be prevented, depending on the business you are in. Its
even worse at the local level.
The states in particular, as well as ANSI, tend to enforce arbitrary rules on
the character set used in your orgnaization name, so you can forget n-tilde
or c-cedilla -- NAFTA hasn't reached them yet, so if you are a Canadian firm
that wants to be registered at a state level, forget it.
But enough, already. I've spent enough blood on this issue to last a while,
and don't want to get sucked into it again, at least on this list.
Bob
Robert R. Jueneman
GTE Laboratories
1-617-466-2820 Office
1-508-264-0485 Telecommuting