
Re: Missing Protocol ?



Oh, well in that case, why don't we just use GeneralName:registeredID
and be done with it.

Both OIDs and DistinguishedNames are supposed to have Naming
Authorities which maintain registries and delegate the responsibility
to maintain subordinate registries.  But only OIDs seem to actually
follow the model :-(.  The only way to get an OID arc under US(840) is
to get it from ANSI.  There is no corresponding discipline in
establishing DNs beginning with, e.g., C=US, and until every cert
issuer agrees that there should be, there will be no global DNs.

Dave
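Dave's registeredID suggestion above, as an added example that is not part of the thread: a small encoder/decoder for the GeneralName registeredID choice plus the arc check a relying party could apply to see whether an identifier sits under a delegated registry such as 1.2.840. It assumes short-form DER lengths; 1.2.840.113549 appears only as sample input.

```python
# Added example, not code from the thread: DER-encode an OID as the
# GeneralName registeredID choice ([8] IMPLICIT OBJECT IDENTIFIER) and
# let a relying party test it against a delegated arc such as 1.2.840.

def encode_oid_value(oid: str) -> bytes:
    """DER content octets of an OBJECT IDENTIFIER (no tag or length)."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    subids = [arcs[0] * 40 + arcs[1]] + arcs[2:]   # first two arcs merge
    out = bytearray()
    for sid in subids:
        groups = [sid & 0x7F]                       # base-128, low group first
        sid >>= 7
        while sid:
            groups.append(0x80 | (sid & 0x7F))      # continuation bit set
            sid >>= 7
        out.extend(reversed(groups))
    return bytes(out)

def registered_id_general_name(oid: str) -> bytes:
    """[8] is IMPLICIT, so the universal OID tag 0x06 is replaced by the
    context-specific primitive tag 0x88 (short-form length only here)."""
    content = encode_oid_value(oid)
    if len(content) >= 0x80:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x88, len(content)]) + content

def decode_registered_id(data: bytes) -> str:
    """Parse a short-form registeredID GeneralName back into dotted form."""
    if len(data) < 2 or data[0] != 0x88 or data[1] & 0x80:
        raise ValueError("not a short-form registeredID GeneralName")
    content = data[2:2 + data[1]]
    if len(content) != data[1] or not content or content[-1] & 0x80:
        raise ValueError("truncated OID")
    subids, acc = [], 0
    for b in content:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                            # last group of this subid
            subids.append(acc)
            acc = 0
    first = subids[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in arcs + subids[1:])

def under_arc(oid: str, arc: str) -> bool:
    """True if oid is arc itself or lies beneath it (RP-side authority check)."""
    o, a = oid.split("."), arc.split(".")
    return o[:len(a)] == a
```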



> From: tgindin@us.ibm.com
> To: "David P. Kemp" <dpkemp@missi.ncsc.mil>
> cc: ietf-pkix@imc.org
> Date: Fri, 14 Apr 2000 16:06:03 -0400
> 
>      I don't think that anyone is proposing "an effort to develop a schema
> for the universe of information which could constitute a human identity".
> At least I hope not :-(
>      What I, at least, am proposing is a mechanism by which identifiers
> which were assigned by a known identified organization can be represented
> in a GeneralName, in such a way that an RP can tell who is the assignment
> authority for the identifier.  The cases where the assignment authority is
> a government agency or the issuing CA are of special importance.  Some may
> consider this out of scope for PKIX, but it is certainly not more complex
> or unworkable than the existing DN arrangement.
>      The fields that would actually be used in this way are likely to
> include things like employee identifications.  "John Smith who has been
> General Motors employee 356789" is a much more definitive identifier than
> "John Smith" or even "John Edward Smith from Michigan who works for GM".
> 
>           Tom Gindin