One possible reason is that the DN of the requestor will make it easy for the recipient to retrieve his certificate and verify the signature.

regards

David

On 03/11/2011 17:16, Erik Andersen wrote:
Hi,

In 7.3 of X.511 one might find the following text for the requestor parameter of the CommonArguments:

The requestor Distinguished Name identifies the originator of a particular operation. It holds the name of the user as identified at the time of binding to the Directory. It may be required when the request is to be signed (see 7.10), and shall hold the name of the user who initiated the request.

Can anyone explain why the requestor component may be required when the request is signed? The text has been there unchanged since the very first edition. 7.10 does not give any clue as to why the component may be required.

Anyway, the requestor component is not very reliable for access control requirements, as it is supplied by the originator. The identity established during Bind is somewhat more reliable.

Erik Andersen
Andersen's L-Service
Elsevej 48, DK-3500 Vaerloese
Denmark
Mobile: +45 2097 1490
e-mail: era@xxxxxxx
Skype: andersen-erik
http://www.x500.eu/
http://www.x500standard.com/
http://dk.linkedin.com/in/andersenerik
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************

-----
www.x500standard.com: The central source for information on the X.500 Directory Standard.