RE: Basic Cert-2-Directory mapping question

[Stephen Kent <kent@xxxxxxx>]

Bob,

> Skip, as you correctly point out, the problem is not so great in the case
> of an organization that operates its own DNS domain, and uses that domain
> as the means of providing directory service access. Certainly a company
> like Novell, Lockheed, GTE (oops, Verizon), etc., could easily do so.
>
> But notice some of the problems.  I'm not picking on our esteemed 
> co-chair, but
> notice that Steve's e-mail address, kent@xxxxxxx, is two corporate mergers
> behind the times, since GTE acquired BBN, and then Verizon was formed out
> of GTE and Bell Atlantic. But if his certificate were deposited at 
> something like
> directory.verizon.com, how would you extract that from the BBN name?
> would all of those older e-mail address have to have a set of alias 
> DNS names for
> the directory server?

Life is a bit more complicated than your example suggests.  I still 
work at BBN, BBN Technologies, a part of Verizon. We still own the 
domain name BBN, and we're getting our own logo again, so mergers and 
acquisitions don't always warrant wholesale changes! My GTE 
colleagues probably do need to change over to new, Verizon e-mail 
addresses, over time, but not instantly. The GTE and Bell Atlantic 
logo change will be phased over about 2 years, in the physical arena, 
so one could expect a similar grace period in cyberspace. Also, it 
would not be unreasonable for a Verizon directory to provide links to 
BBN, just as people often maintain multiple e-mail addresses, with 
appropriate internal links, to smooth over transitions of this sort. 
(I'm kent@xxxxxxx, but skent@xxxxxxx works, and stephen.kent@xxxxxxx 
works too!)

<snip>


Steve