[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: any surveys about DC vs O,C ?

tir, 2003-03-25 kl. 11:34 skrev int Mike Jackson:

> > Perhaps I've misunderstood the question, but isn't this the standard way
> > of doing things?
> This is probably not the proper mailing list for this discussion. If
> somebody knows of a more appropriate one, then please let me know.

You already got Michael's answer to that.

> Anyway, here goes a more detailed explanation of what I am trying to
> gather information about.
> Example DN:
> cn=Mike Jackson,ou=users,dc=nokia,dc=com
> Example X.509 Subject Name:
> cn=Mike Jackson,ou=users,o=nokia,c=us

> Do you see how they disagree with each other?

Yes, I misunderstood the question.

> RFC3280 states that implementations MUST be able to receive the
> domainComponent attribute. So, IMHO, it makes sense to compose a subject
> name that matches the directory base instead of opposing it. Howver, the
> problem is that quite alot of CA software interfaces (RSA, SSH,
> Netscape) make it difficult to use anything except c,o for the subject
> name. Some applications have even went so far as to hardcode c,o format
> into CMPv2 request forms, etc.

rsasecurity.com details PKCS standards that are used by most clients and
servers of all types:


You've obviously done more work on this than I with regard to what
you're trying to do, Richard Levitte (this list) seems to be completely
au fait.

What are you trying to do with the certs that isn't already covered in
the PKCS standards?

What bearing does it have on Openldap?




Tony Earnshaw

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl