
RE: A web of directories



Mike

Of course, if you *know* it's from the State of Utah.  But, let's consider
that I send you mail.  You have no idea who/what I am, so you look at my
signature certificate and try to deduce something from it.  Maybe if you're
a human being and bring to the table lots of context, you can guess where to
look for CRLs, or for the CA's web site, etc.  But, if you are a computer
program, it would be a lot easier if the certificate stated:

  To find the CRL and other stuff of the CA that issued me, please look in
this <URL or URI or something>.

David

-----Original Message-----
From: Mike Smith [mailto:mfsmith@zionsbank.com]
Sent: Monday, February 22, 1999 12:48 PM
To: david.kurn@compaq.com; BJUENEMAN@novell.com; tgindin@us.ibm.com
Cc: ietf-pkix@imc.org
Subject: Re: A web of directories


Bob:

If you received a certificate from State of Utah for your drivers license,
fish and game or whatever, then shouldn't the CA that issued the cert
support the directory service for that function?

Attempting to put all of one's identities in a single certificate is not
practical for any entity, whether corporate or human or animal (e.g.,
issuing a certificate of authenticity for a thoroughbred race horse with
its DNA signed by the CA, or some such future application with biometric
filters as part of the biometric certificate authentication to activate the
information system that actually processes the "signature" of the entity
(say, for medical services)).

Anyway, one cert is never enough (and this is not just to drum up more
business for our CA service).

Michael