
Re: X.509 certificate and its subject name field



Shyh-Wei Luan,

The reasons you cite are ones that motivated the introduction of the
Subject and Issuer Unique IDs.  However, one can argue that appropriate
care in managing names can largely avoid this problem.  For example, every
company I know assigns an employee ID (or payroll ID, or whatever)
specifically to distinguish among folks who work for the company
(either at the same time or over some time interval) and who may have the
same name.  If one uses a DN in the Subject field, it would be appropriate
to make the terminal RDN be a set, consisting of a common name and an
employee ID number, to do the same thing that the personnel/payroll
departments figured out years ago.  So, for organizational persons, this
argues against using the Subject UID field.  For many other contexts,
account numbers are likely to be employed as Subject IDs, and the
organizations dealing with the certs already know how to manage account
number rollover (and often will not be using ACLs as one might in a
distributed system).

Steve
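An added example, not part of Steve's message, showing the multi-valued terminal RDN he proposes ({CN, employee ID}) in the RFC 4514 string form, where attributes of one RDN are joined with "+" and RDNs with ",". It assumes the inetOrgPerson employeeNumber attribute (RFC 2798) carries the employee ID and that values contain no escaped "," or "+" characters; the names and numbers are constructed.

```python
# Model a subject DN whose terminal RDN is the set {CN, employeeNumber}, so two
# employees who share a common name still get distinct, comparable subjects.
# Assumption: values are unescaped (no ',' or '+' inside a value); attribute
# types are compared case-insensitively, values exactly.
from typing import FrozenSet, List, Tuple

RDN = FrozenSet[Tuple[str, str]]  # one RDN is a SET of (type, value) pairs


def parse_dn(dn: str) -> List[RDN]:
    """Parse 'CN=Alice+employeeNumber=1001,O=Example' into a list of RDNs.

    Each RDN becomes a frozenset, so the order of attributes inside a
    multi-valued RDN does not affect equality (as in X.501 name matching),
    while the order of RDNs in the sequence still does.
    """
    rdns: List[RDN] = []
    for rdn_text in dn.split(","):
        pairs = set()
        for ava in rdn_text.split("+"):  # attribute value assertions
            attr_type, sep, value = ava.partition("=")
            if not sep or not attr_type.strip() or not value.strip():
                raise ValueError(f"malformed attribute value assertion: {ava!r}")
            pairs.add((attr_type.strip().lower(), value.strip()))
        rdns.append(frozenset(pairs))
    return rdns


def build_subject(common_name: str, employee_id: str, org: str) -> str:
    """Return the string DN; the most specific RDN comes first in RFC 4514 form."""
    return f"CN={common_name}+employeeNumber={employee_id},O={org}"


def same_subject(dn_a: str, dn_b: str) -> bool:
    """True when the two DNs name the same subject (RDN sets compared as sets)."""
    return parse_dn(dn_a) == parse_dn(dn_b)


if __name__ == "__main__":
    # Constructed sample: two employees named Alice Smith at one organization.
    a1 = build_subject("Alice Smith", "1001", "Example Corp")
    a2 = build_subject("Alice Smith", "2042", "Example Corp")
    print(a1, "==", a2, "?", same_subject(a1, a2))  # False: distinguished by ID
```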