> Howard Chu wrote:
>
> Kurt still has a valid point that we can
> get into trouble making assumptions about
> externally obtained identifiers,

And he's perfectly right with that.

> but it strikes me that most
> people who will want to use this feature are
> already setting up their own CAs and are already generating
> certificate DNs in parallel with their LDAP
> DN hierarchy. Opinions, anyone?

Up to now even people who do propose matching certificate and LDAP DIT did not manage to build up a matching DN tree and keep it that way stable. Period. (Besides issues with strange unstructured DNs like in my Thawte cert, see signature).

Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature