Re: Profiling CN usage

Chris Tzu <tzu@qsun.ho.att.com> Fri, 21 March 1997 20:36 UTC

Received: by suntan.tandem.com (8.6.12/suntan5.970212) for ietf-pkix-relay id MAA27037; Fri, 21 Mar 1997 12:36:56 -0800
Received: from kcgw2.att.com by suntan.tandem.com (8.6.12/suntan5.970212) for <ietf-pkix@tandem.com> id MAA27031; Fri, 21 Mar 1997 12:36:54 -0800
Received: from qsun.ho.att.com by kcig2.att.att.com (SMI-8.6/EMS-1.2 sol2) id OAA14871; Fri, 21 Mar 1997 14:29:58 -0600
Received: from zoe.ho.att.com by qsun.ho.att.com (4.1/EMS-1.1.1 SunOS) id AA10721; Fri, 21 Mar 97 15:36:19 EST
Message-Id: <3332F181.73A2@qsun.att.com>
Date: Fri, 21 Mar 1997 15:37:21 -0500
From: Chris Tzu <tzu@qsun.ho.att.com>
Reply-To: tzu@qsun.ho.att.com
Organization: AT&T
X-Mailer: Mozilla 3.01 (Win95; I)
Mime-Version: 1.0
To: ietf-pkix@tandem.com
Cc: agrim@qsun.ho.att.com, sri@qsun.ho.att.com, rvh@qsun.ho.att.com
Subject: Re: Profiling CN usage
References: <85889153321996@cs26.cs.auckland.ac.nz>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Peter,

Peter Gutmann wrote:
> 
> >This will become a problem as more and more protocols take advantage of
> >X.509 (or whatever the 'public key signed by someone else' standard will
> >be). For example, there is no standard for what should be in the CN for
> >LDAP, etc.
> 
> I suspect I've probably mentioned this here before, I've collected what
> information I could find on X.509 usage, including some comments on the use
> and format of DNs/CNs, in http://www.cs.auckland.ac.nz/~pgut001/x509guide.txt.
> This isn't any attempt at defining a standard profile, but merely "here's what
> others are doing, and some suggestions on what you should try to do" (along
> with traps to watch out for).
> 
> Peter.

This is a very interesting area which is currently being worked on
in the IETF IDS Group. In particular, they are progressing toward
a naming plan which applies to user names and CA names in X.509
certificates.

The proposed naming plan takes advantage of the domain name, which
everyone is already familiar with, and is very scalable.

See
ftp://ds.internic.net/internet-drafts/draft-ietf-ids-dirnaming-01.txt

BTW, the guide you produced was excellent reading.


Chris Tzu
AT&T
Directory and Security Services