Bob Lord wrote:
> In older versions of Communicator, there was a step in the certificate
> enrollment process where the user was asked to name his/her newly issued
> certificate. Although this gave the user some flexibility, it mostly
> caused problems. Users would sometimes choose non-descriptive names
> that would cause Help Desk problems down the road. It also added extra
> clicks to the certificate issuance process. More clicks meant higher
> Help Desk costs. And there was no way to rename the cert, so whatever
> you chose stuck with you forever.
> We eliminated that ability for most cert enrollments (around C4.6 or
> so?), and instead chose the nickname for the user (e.g. "Robert Lord's
> Verisign ID"). (There are ways to override that default with Javascript
> if the CA administrator wants to.)
The inability to rename the certs is now a bigger problem because users never
have the opportunity to override the PSM chosen name for the cert. These
nicknames get transported via PKCS #12 and are stuck forever. If we have some UI
that allows us to rename cert nicknames then the current semantic of letting
PSM/CA administrators pick the nickname at issuance time becomes a much more
acceptable (in fact preferred) semantic among all our users.
> In any event, we should be able to be descriptive enough in any
> situation that we don't need to let users select nicknames. I'm sure we
> can come up with some reasonably good ways to keep the length reasonable
> when pressed.
We should do this even when we have the user ability to rename cert nicknames.
>
bob