nX.509
certificates are part of the “names as principles” camp
n“The
important thing in an X.509 cert is the DN, everything else is along for the
ride.”
nThe
X.509 assumption is that you always have access to the global directory
nNeed
to find the issuer’s public key? Use the issuer DN to query the global directory,
find the user object, and find his one & only certificate