Re: Display name attribute
> I see. Thanks for the clarification. I sense some tension
> between the concept of a certificate and that of a
> Directory entry. Is the problem that an X.509 cert
> cannot contain a display name?
>
The X.509 cert contains a DN (which can contain anything you want
in terms of attributes, common names or display names, it makes no
difference) plus an optional General Names field in an extension that
can hold an email address or an IP address or DNS name plus a
few others. It could even hold a display name if you wanted it to. But
no one currently is suggesting you do that.
So you ideally want the DN in the directory to be the DN in the cert,
and for the DN to be meaningful and unique. But because some
orgs don't have truly unique DNs (only local DNs) then the email
address in the cert also provides global uniqueness.
> I'd note that the intention of DisplayName
> is not to encourage people to store even more useless
> information in cn than they did previously! Do you believe
> that it could have that effect?
It could. This is why I was trying to ascertain the real purpose of
display name, and why CN could not be used equally as well. My
conclusion is that display name is there to solve the problem of
people not using sensible CNs, so that the directory entry can be
usefully displayed, but this does not solve the certificate problem.
The better solution would be to encourage people to use a sensible
CN in the DN (then if CN is multiple valued this does not matter as
you use the DN one for display purposes and the other ones for
searching).
David
***************************************************
David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
*NEW* Mobile +44 790 167 0359 *NEW*
Email D.W.Chadwick@iti.salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************
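
Added example, not part of the original message: a Python sketch of the naming rule discussed above, in which the cn value that appears in the entry's DN is used for display and any other cn values are left for searching, and in which a certificate is matched to an entry by DN first and by email address when the DN is only locally unique. The entry layout, the function names and the sample data are assumptions constructed for illustration; the certificate's subject DN and email address are assumed to have been extracted already and are passed in as strings.

```python
import re

def parse_dn(dn):
    """Parse an RFC 4514 string DN into RDNs, each a list of (type, value) pairs."""
    rdns, rdn, buf, i = [], [], bytearray(), 0
    dn += ","                                   # sentinel: flushes the final RDN
    while i < len(dn):
        c = dn[i]
        if c == "\\":                           # escaped special character or hex pair
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                buf.append(int(pair, 16)); i += 3
            else:
                buf += dn[i + 1:i + 2].encode("utf-8"); i += 2
            continue
        if c in ",+":                           # "," ends an RDN, "+" joins values in one RDN
            attr, _, value = buf.decode("utf-8").partition("=")
            rdn.append((attr.strip().lower(), value.strip()))
            buf = bytearray()
            if c == ",":
                rdns.append(rdn); rdn = []
        else:
            buf += c.encode("utf-8")
        i += 1
    if buf:
        raise ValueError("dangling escape at end of DN")
    return rdns

def normalize(dn):
    # Assumption: every attribute compares case-insensitively (caseIgnoreMatch).
    return [sorted((t, v.lower()) for t, v in rdn) for rdn in parse_dn(dn)]

def display_and_search(entry):
    """The cn value used in the DN is for display; the remaining cn values are for searching."""
    naming = {v.lower() for t, v in parse_dn(entry["dn"])[0] if t == "cn"}
    display = next((v for v in entry["cn"] if v.lower() in naming), None)
    return display, [v for v in entry["cn"] if v != display]

def match_entry(cert_dn, cert_email, entries):
    """Find the entry for a certificate: by DN, then by email if the DN is not unique."""
    hits = [e for e in entries if normalize(e["dn"]) == normalize(cert_dn)]
    if len(hits) > 1 and cert_email:
        hits = [e for e in hits if cert_email.lower() in map(str.lower, e["mail"])]
    return hits[0] if len(hits) == 1 else None

# Constructed sample data: two organisations reuse the same locally unique DN.
ENTRIES = [
    {"dn": r"CN=Smith\, Jane,OU=Sales,O=Example", "mail": ["jane.smith@example.com"],
     "cn": ["jsmith", "Smith, Jane", "Jane Smith"]},
    {"dn": r"cn=smith\2C jane, ou=sales, o=example", "mail": ["jsmith@example.org"],
     "cn": ["Smith, Jane"]},
]
```

With only the DN to go on, `match_entry` returns `None` for this data because both entries match; supplying the email address from the certificate selects exactly one.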