
Re: I-D ACTION:draft-ietf-pkix-usergroup-01.txt




At 7:01 AM +0100 10/29/02, Anders Rundgren wrote:
<snip>
Another disadvantage to mapping is that it creates another
opportunity to make errors, i.e., in mapping from the certificate
space to the application space. The database needed to perform the
map is an additional source of errors, or an additional attack point,
and generally lacks the integrity afforded to certs.

Dear Steve,


In other more established sectors of the IT-industry, the need
for mappings has been reduced by introducing globally
agreed-upon identifiers like UNSPC for product codes.
PKI is literally decades behind, where people still are fighting
about the very basics, like where to put and how to interpret identity
information, here referring to Subject DNs, SubjectAltNames,
URIs, PIs, e-mail addresses, DUNS numbers, etc.

Unless we are talking private and closed PKIs, mapping
is still a necessary evil for most systems.

We have lots of options for globally unique identifiers, but none are globally meaningful, which is the root cause of this problem.


Could it be that focusing on a model of global, TTP PKIs creates the need for mapping to which you allude? If so, there is an easy way to avoid this problem, right?

Steve