[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: any surveys about DC vs O,C ?

To: int Mike Jackson <jacksonm@isorauta.ntc.nokia.com>
Subject: Re: any surveys about DC vs O,C ?
From: Adam Williams <awilliam@whitemice.org>
Date: Tue, 25 Mar 2003 12:14:06 -0500 (EST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20030325103447.GC2353@isorauta.ntc.nokia.com>

>Do you see how they disagree with each other?
>RFC3280 states that implementations MUST be able to receive the
>domainComponent attribute. So, IMHO, it makes sense to compose a subject
>name that matches the directory base instead of opposing it. Howver, the
>problem is that quite alot of CA software interfaces (RSA, SSH,
>Netscape) make it difficult to use anything except c,o for the subject
>name. Some applications have even went so far as to hardcode c,o format
>into CMPv2 request forms, etc.
>Any opinions on this subject? Anybody here who has implemented a
>directory and PKI according to the disagreeing examples that I've shown
>above? If so, what problems have you encountered wrt publishing certs,
>client application cert lookups, etc?

Why not pick which one you like best and use suffixAlias, or more 
currently back-mta, to present the directory as both.

References:
- Re: any surveys about DC vs O,C ?
  - From: "int Mike Jackson" <jacksonm@isorauta.ntc.nokia.com>

Prev by Date: Re: any surveys about DC vs O,C ?
Next by Date: Re: Net::LDAP problem
Index(es):
- Chronological
- Thread