Michael Urban wrote:

> Perhaps a file mapping a certificate subject name to a local
> username is a better solution. The certificate can be used at sites
> with different usernames that aren't known at certificate issue time,
> and doesn't require extra baggage in the certificate. 

This might work for me, but it wouldn't work for John Smith...  You
don't want a second person turning up, who is genuinely called John
Smith, but isn't the person you thought you were referring to.

A better approach would be to map the whole DN to the user ID, but
then you run into problems with CAs that don't include much
information in the DN.  I think the Thawte freemail CA is like this;
the DN is just your name with enough containers to make it valid.
(Not that there is a lot else that they could do, but it makes it a
bit awkward.)

----------------------------------------------------------------------
      phone +44 (0) 20 8542 7856, fax +44 (0) 20 8543 0176, post:
  Skygate Technology Ltd, 8 Lombard Road, Wimbledon, London, SW19 3TZ
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

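Whole-DN versus CN-only lookup, as an added example that is not part of this thread or of the OpenSSL project's code. It assumes the subject has already been extracted in RFC 2253 form (for instance with `openssl x509 -noout -subject -nameopt RFC2253 -in cert.pem`) and a hypothetical tab-separated mapping file; the three mapping entries are constructed. The two John Smiths each get their own line because the whole DN is the key, while the CN-only scheme from the quoted message returns both of them for either certificate.

```python
"""Map an X.509 subject DN to a local username.

Added example; not code from the OpenSSL project or from either poster.
Assumptions: the subject string is in RFC 2253 form (as printed by
    openssl x509 -noout -subject -nameopt RFC2253 -in cert.pem
) and the mapping file is hypothetical, one "<DN><TAB><username>" per line.
"""

from typing import Dict, Iterable, List, Optional, Tuple

RDN = Tuple[str, str]   # (attribute type, value)
DN = Tuple[RDN, ...]    # ordered RDN sequence, exactly as written


def parse_dn(text: str) -> DN:
    """Split an RFC 2253 DN into a canonical tuple of (type, value) pairs.

    Backslash escapes are honoured: "\\," inside a value does not end the
    RDN and "\\2C" (hex escape) decodes to a comma.  Attribute types are
    lower-cased; values are kept byte-for-byte so that only the DN the CA
    actually issued matches.  A multi-valued RDN ("a=1+b=2") is kept as
    one string, which is enough for an exact-match table.
    """
    rdns: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            nxt = text[i + 1:i + 3]
            if len(nxt) == 2 and all(c in "0123456789abcdefABCDEF" for c in nxt):
                buf.append(chr(int(nxt, 16)))   # \XX hex escape
                i += 3
            else:
                buf.append(text[i + 1])          # \, \= \+ \" \\ and friends
                i += 2
            continue
        if ch == ",":                            # unescaped comma ends the RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))

    out: List[RDN] = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN {rdn!r} in {text!r}")
        attr, value = rdn.split("=", 1)
        out.append((attr.strip().lower(), value))
    return tuple(out)


def load_mapping(lines: Iterable[str]) -> Dict[DN, str]:
    """Read "<DN><TAB><username>" lines into a table keyed by canonical DN."""
    table: Dict[DN, str] = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        dn_text, user = line.rsplit("\t", 1)
        dn = parse_dn(dn_text)
        if dn in table:
            raise ValueError(f"duplicate DN in mapping file: {dn_text}")
        table[dn] = user.strip()
    return table


def username_for_subject(subject: str, table: Dict[DN, str]) -> Optional[str]:
    """Whole-DN lookup: the scheme in which two 'John Smith's stay distinct."""
    return table.get(parse_dn(subject))


def usernames_for_cn(subject: str, table: Dict[DN, str]) -> List[str]:
    """CN-only lookup, as the quoted proposal would do it.

    Returns every candidate rather than the first hit, so the caller can
    see when a bare CN is ambiguous.  (dict() collapses repeated attribute
    types; fine for this demonstration.)
    """
    cn = dict(parse_dn(subject)).get("cn")
    return [user for dn, user in table.items() if dict(dn).get("cn") == cn]


# Constructed mapping file: two genuinely different people called John Smith,
# plus a value containing an escaped comma to exercise the parser.
MAPPING_FILE = """\
# subject DN (RFC 2253 order)<TAB>local user
CN=John Smith,O=Example Ltd,C=GB\tjsmith
CN=John Smith,OU=Support,O=Other Corp,C=US\tjsmith2
CN=Smith\\, Alice,O=Example Ltd,C=GB\tasmith
"""

TABLE = load_mapping(MAPPING_FILE.splitlines())

if __name__ == "__main__":
    for subj in ("CN=John Smith,O=Example Ltd,C=GB",
                 "CN=John Smith,OU=Support,O=Other Corp,C=US",
                 "CN=John Smith,O=Unknown,C=GB"):
        print(subj)
        print("  by whole DN:", username_for_subject(subj, TABLE))
        print("  by CN only :", usernames_for_cn(subj, TABLE))
```

Two caveats the thread leaves open: whole-DN keying only separates people as far as the CA put distinguishing attributes into the DN, so a sparse DN of the kind the reply describes still collides whenever the CA issues the same name twice; and a table like this one should in practice also be keyed on the issuer DN, since nothing stops two different CAs from issuing the same subject.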