[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: any surveys about DC vs O,C ?

>Do you see how they disagree with each other?
>RFC3280 states that implementations MUST be able to receive the
>domainComponent attribute. So, IMHO, it makes sense to compose a subject
>name that matches the directory base instead of opposing it. Howver, the
>problem is that quite alot of CA software interfaces (RSA, SSH,
>Netscape) make it difficult to use anything except c,o for the subject
>name. Some applications have even went so far as to hardcode c,o format
>into CMPv2 request forms, etc.
>Any opinions on this subject? Anybody here who has implemented a
>directory and PKI according to the disagreeing examples that I've shown
>above? If so, what problems have you encountered wrt publishing certs,
>client application cert lookups, etc?

Why not pick which one you like best and use suffixAlias, or more 
currently back-mta, to present the directory as both.