RE: Basic Cert-2-Directory mapping question
RFC 2377 proposes using dc-based naming as an alternative to "civil" naming
schemes. Such naming schemes (using RDNs constructed from attributes such as
country, stateOrProvince, organization, etc.) were originally published in
an Informative Annex to X.521. Neither scheme is mandated anywhere (civil is
documented in an Informative Annex; RFC 2377 is an Informational RFC).
Consequently, in the real world, we have both.

As you have suggested, RFC 2377-style names are readily resolved using the
approach outlined in pkixref; X.521-style names are not. If we could assume
the whole world would convert to RFC 2377-style naming, we wouldn't have to
worry about resolving civil names. However, as long as we have civil names
lying around in certificates and elsewhere, we have to either deal with them
or choose to ignore them.

-- Skip

-----Original Message-----
From: Oscar Jacobsson [mailto:oscar.jacobsson@xxxxxxxxxxx]
Sent: Thursday, January 11, 2001 4:47 AM
To: Slone, Skip
Cc: ietf-pkix@xxxxxxx
Subject: Re: Basic Cert-2-Directory mapping question

"Slone, Skip" wrote:
> Since civil-to-DNS name mapping typically fails to yield to a
> character string transliteration algorithm (e.g., "o=Joe's Bar and
> Grill" does not readily translate to are-you-hungry.com), this leaves
> us with a choice of either registering the translations or
> complaining that it can't be done.

Pardon my ignorance of these matters, but where exactly is this civil
naming scheme outlined?

IMHO the DNS-based naming scheme in RFC 2377 has been around for a
couple years now, and when combined with the repository locator
documents I'd say it provides the information necessary for an RP to
locate the relevant repository.

//oscar
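
The dc-based resolution discussed in this thread works because the DN itself carries a DNS name, while a civil name does not. As an added example (not part of either message, and not the pkixref procedure itself), this Python code extracts a domain from the dc components of a certificate subject DN and returns nothing for an X.521-style name; the function names and sample DNs are constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def split_unescaped(s, sep):
    """Split s on sep, honouring backslash escapes used in string DNs."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])   # keep the escaped pair together
            i += 2
        elif s[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    parts.append("".join(cur))
    return parts

def dn_to_domain(dn):
    """Return the DNS domain named by the most significant dc RDNs, else None."""
    labels = []
    # A string DN lists the least significant RDN first, so walk from the end.
    for rdn in reversed(split_unescaped(dn, ",")):
        avas = split_unescaped(rdn, "+")          # multi-valued RDN check
        attr, _, value = avas[0].partition("=")
        if len(avas) != 1 or attr.strip().lower() != "dc":
            break                                 # end of the dc run
        value = value.strip()
        if not LABEL.fullmatch(value):
            return None                           # not usable as a DNS label
        labels.append(value.lower())
    return ".".join(reversed(labels)) if labels else None

if __name__ == "__main__":
    # Constructed sample subjects: dc-based, civil, and mixed.
    for dn in ("cn=Oscar,ou=People,dc=example,dc=com",
               "cn=Joe,o=Joe's Bar and Grill,st=Texas,c=US",
               "cn=Smith\\, John,dc=example,dc=org",
               "dc=example,o=Acme,c=US"):
        print(f"{dn!r:50} -> {dn_to_domain(dn)}")
```

A `None` result is the case the thread is arguing about: the relying party needs a registered translation or some other out-of-band hint to find the repository.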