On 3/2/2021 4:00 PM, George Michaelson wrote:
X.500 is complicated because names are complicated.
Well, no. George, I worked on X.500 at the same time you did, and my conclusions are different. X.500 names main source of gratuitous complexity what that they embedded an arbitrary hierarchy. If I remember correctly, the name hierarchy in X.500 embedded things like country name, telecom company name, city, street, company (aka, organization), department (a.k.a., organization unit), maybe several levels of those, and then common name. Some attributes did not identify the person at all, but where there to route the query to relevant database. Many of these attributes are useful when searching for "Jane in Marketing", but the fact is that pretty much each of those attributes have different possible values like short or long versions, and that they are probably not all required to identify the person. In order to manage the system, users were expected to pick a specific subset of "distinguished" attributes, which would have enough routing information in them to find the relevant database and then uniquely identify an entry in that database -- that's why the X.500 names in certificates are called "distinguished names". Suffice to say that people found it way easier to refer to "jane@xxxxxxxxxxxxxxxxxxxxx".
-- Christian Huitema
