Re: X.509 certificate and its subject name field
- To: Stephen Kent <kent@xxxxxxx>
- Subject: Re: X.509 certificate and its subject name field
- From: "Shyh-Wei Luan" <luan@xxxxxxxxxxxxxxx>
- Date: Tue, 27 May 1997 19:08:38 -0700
- In-reply-to: Stephen Kent <kent@bbn.com> "Re: X.509 certificate and its subject name field" (May 27, 1:46pm)
- References: Stephen Kent <kent@bbn.com> "Re: X.509 certificate and its subject name field" (May 23 5:12pm) <> <>
- Resent-date: Tue, 27 May 1997 19:44:17 -0700
- Resent-from: "Shyh-Wei Luan" <luan@xxxxxxxxxxxxxxx>
- Resent-message-id: <9705271944.ZM24854@jupiter.almaden.ibm.com>
- Resent-to: ietf-pkix@xxxxxxxxxx, ssl-talk@xxxxxxxxxxxx
Steve,
Let's think about what happens during a corporate reorganization, company mergers,
or country unifications (:)). Names and directories may change! If UIDs
are embedded in names and if applications do not carve out the UIDs for use in
authorization decisions/ACLs, then we will have BIG trouble! If it is
suggested that applications will have to pick up the UID from within the
subject name, then it should be made clear in the spec. But then how would
non-X500 names be dealt with when they are supported??? Why don't we suggest the
use of the Subject UID field, then sit back and relax.
On May 27, 1:46pm, Stephen Kent wrote:
> Subject: Re: X.509 certificate and its subject name field
> Shyh-Wei,
>
> I think that, for organizational persons, a second component for
> the terminal RDN would usually be something that those managing the local
> namespace would see as natural, i.e., it is something like an employee ID
> number that has already been assigned and thus is not an arbitrary string
> like the Subject UID.
Why can't an employee ID number be used as the Subject UID, if the ID is
never reused?
>
>-- End of excerpt from Stephen Kent
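
Added example, not part of the original message or of any PKIX specification: it compares three ways an application could key its ACL (full subject name, a UID carved out of the terminal RDN, a separate Subject UID value) when the name changes or is not an X.500 name. The `UID` attribute label, the sample names and the `subject_uid` attribute are constructed assumptions, and the DN parsing is deliberately simplified.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Subject:
    name: str                          # subject name in string form
    subject_uid: Optional[str] = None  # stands in for the Subject UID field

def uid_from_dn(name: str) -> Optional[str]:
    """Carve a UID out of a multi-valued terminal RDN, e.g. 'CN=J Doe+UID=E1234,...'.
    Simplified parsing: no escaped ',' or '+'. Returns None when nothing is found."""
    terminal = name.split(",")[0]      # leftmost RDN in string form is the terminal one
    for ava in terminal.split("+"):
        attr, sep, value = ava.partition("=")
        if sep and attr.strip().upper() == "UID":
            return value.strip()
    return None

# The three ACL keying strategies discussed in the thread.
KEYS = {
    "full_name": lambda s: s.name,
    "uid_in_name": lambda s: uid_from_dn(s.name),
    "subject_uid_field": lambda s: s.subject_uid,
}

# Constructed subjects: one employee before a merger, after it, and under a non-X.500 name.
BEFORE = Subject("CN=J Doe+UID=E1234,OU=Research,O=Example Corp,C=US", "E1234")
AFTER = Subject("CN=J Doe+UID=E1234,OU=Labs,O=Merged Example Inc,C=US", "E1234")
NON_X500 = Subject("jdoe@merged.example", "E1234")

def authorize(acl: set, subject: Subject, strategy: str) -> bool:
    key = KEYS[strategy](subject)
    # A subject with no usable key is denied rather than matched against None.
    return key is not None and key in acl

def outcomes() -> dict:
    """For each strategy, enrol BEFORE in the ACL and test all three subjects."""
    result = {}
    for strategy, key in KEYS.items():
        acl = {key(BEFORE)}
        result[strategy] = [authorize(acl, s, strategy) for s in (BEFORE, AFTER, NON_X500)]
    return result

if __name__ == "__main__":
    for strategy, row in outcomes().items():
        print(f"{strategy:18} before={row[0]} after={row[1]} non_x500={row[2]}")
```
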