
Re: Basic Cert-2-Directory mapping question



Peter,

I have not read your paper, but the assertion that DNs don't work, without substantiation, seems a bit strong. Certainly when people create arbitrary DNs, without regard to the semantics of directory structure, bad things happen. Also, it is fair to say that the grand, nations as top level directory operators model that X.500 envisioned has not happened, and is unlikely to ever happen in some places, e.g., the U.S. However, the suggestion of hashing a DN and using it as a search key always seems to have the problem of breaking the knowledge reference part of X.500 (and of all, analogous, tree structure, distributed directories), which rely on looking at name structure to figure out where to look for an entry that is not local.

Finally, the IETF has had a standard means of encoding a DNS name as a DN for several years, which suggests that there is at least one scheme that would work.

Steve
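
Added example, not part of the original message: a sketch of why a structured DN can be routed to a non-local server while a hashed DN cannot. It assumes the DNS-to-DN encoding mentioned above is the `dc=` (domainComponent) convention of RFC 2247; the referral table, server URLs, function names and the choice of SHA-256 are all constructed for illustration.

```python
import hashlib

def dns_to_dn(name):
    """Map a DNS name to a DN, one dc= RDN per label (RFC 2247 style, assumed)."""
    labels = [l for l in name.rstrip(".").lower().split(".") if l]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join("dc=" + l for l in labels)

def rdns(dn):
    # Simplified split: the constructed sample DNs contain no escaped commas.
    return [r.strip().lower() for r in dn.split(",")]

# Constructed knowledge references: naming context -> server holding that subtree.
REFERRALS = {
    "dc=example,dc=com": "ldap://dir.example.com",
    "dc=eng,dc=example,dc=com": "ldap://dir.eng.example.com",
    "dc=example,dc=org": "ldap://dir.example.org",
}

def find_server(dn, referrals=REFERRALS):
    """Return the server for the longest naming context that is a suffix of dn."""
    target = rdns(dn)
    best, best_len = None, 0
    for context, server in referrals.items():
        ctx = rdns(context)
        is_suffix = len(ctx) <= len(target) and target[-len(ctx):] == ctx
        if is_suffix and len(ctx) > best_len:
            best, best_len = server, len(ctx)
    return best

def hashed_key(dn):
    """Flat search key for a DN; SHA-256 is an arbitrary choice for this sketch."""
    return hashlib.sha256(",".join(rdns(dn)).encode()).hexdigest()

def find_server_by_hash(key, referrals=REFERRALS):
    """A hash matches only an exact name; it carries no suffix to route on."""
    index = {hashed_key(c): s for c, s in referrals.items()}
    return index.get(key)

if __name__ == "__main__":
    alice = "cn=Alice," + dns_to_dn("eng.example.com")
    print(find_server(alice))                      # routed by name structure
    print(find_server_by_hash(hashed_key(alice)))  # no route from the hash
```
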