[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Basic Cert-2-Directory mapping question

To: <pgut001@xxxxxxxxxxxxxxxxx>, <ietf-pkix@xxxxxxx>
Subject: Re: Basic Cert-2-Directory mapping question
From: "Anders Rundgren" <anders.rundgren@xxxxxxxxx>
Date: Thu, 11 Jan 2001 07:10:44 +0100
References: <>

Peter,

> >Flat name spaces scale poorly, lead to confusion, and are thus not attractive
> >in various ways.  People do like flat name spaces, until they trip over the
> >limitations they embody, then they complain and look for magic solutions.
> >I've seen no appropriate magic for this problem.
>  
> Have you actually seen the problem though?  It's automatically assumed that
> there's some vast, unassailable problem which hierarchical names will solve,
> but I don't think I've ever seen it except as some special-case, often
> hypothetical situation which is used to justify the need for DNs (or whatever).
> In the real world people have been using their flat, non-scalable name spaces
> for several decades without any sign that civilisation is about to collapse.

I second that 100%.  The only thing you gain by hierarchical cert names is rigidness
(i.e. can only be used in a certain regime) and low trace ability (change position
and then you become another identity).  So even for closed PKI's we do have
a serious mapping issue IMNSHO.

Anders

Follow-Ups:
- Re: Basic Cert-2-Directory mapping question
  - From: Stephen Kent
- Re: Basic Cert-2-Directory mapping question
  - From: Polar Humenn

References:
- Re: Basic Cert-2-Directory mapping question
  - From: Peter Gutmann

Prev by Date: Re: Basic Cert-2-Directory mapping question
Next by Date: AccecptPKCS7 Failed, Why return 424 ?
Previous by thread: Re: Basic Cert-2-Directory mapping question
Next by thread: Re: Basic Cert-2-Directory mapping question
Index(es):
- Date
- Thread