Question 162. What are Distinguished Names?

Distinguished names are the standard form of naming in an ITU-T X.500 directory [CCI88b] and in X.509 certificates (see Question 165). A distinguished name is composed of one or more relative distinguished names, and each relative distinguished name is composed of one or more attribute-value assertions. Each attribute-value assertion consists of an attribute identifier and its corresponding value information, e.g., "CountryName = US".

Distinguished names were intended to identify entities in the X.500 directory tree. A relative distinguished name is the path from one node to a subordinate node. The entire distinguished name traverses a path from the root of the tree to an end node that represents a particular entity. A goal of the directory was to provide an infrastructure to uniquely name every communications entity everywhere (hence the "distinguished" in "distinguished name"). As a result of the directory's goals, names in X.509 certificates are perhaps more complex than one might like (e.g., compared to an e-mail address). Nevertheless, for business applications, distinguished names are worth the complexity, as they are closely coupled with legal name registration procedures, something that simple names such as e-mail addresses do not offer.
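The structure described above (a name made of relative distinguished names, each made of attribute-value assertions) can be seen by parsing a name into those parts. The following is an added example, not part of the original FAQ. It assumes the RFC 4514 string form of a name, which the FAQ does not discuss; the function names and both sample names are constructed for illustration.

```python
import string
HEX = set(string.hexdigits)

def _split(text, sep):
    """Split on unescaped `sep`, leaving backslash escapes in place."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape for _unescape
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(text[i])
            i += 1
    return parts + ["".join(buf)]

def _unescape(value):
    """Decode RFC 4514 escapes: backslash + character, or backslash + hex pair."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and set(pair) <= HEX:
            out.append(int(pair, 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode()
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return RDNs root-first; each RDN is a frozenset of (TYPE, value) AVAs.
    Attribute types are case-folded; values are kept exact."""
    rdns = []
    for rdn_text in _split(dn, ","):
        avas = set()
        for ava in _split(rdn_text, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed attribute-value assertion: {ava!r}")
            avas.add((attr.strip().upper(), _unescape(value)))
        rdns.append(frozenset(avas))
    return rdns[::-1]  # string form lists the leaf first; the directory path starts at the root
# Constructed samples: the same name written two ways (multi-valued RDN, escaped comma).
DN_A = r"CN=Doe\, Jane+UID=jdoe,O=Example Corp,C=US"
DN_B = r"uid=jdoe+cn=Doe\2C Jane,o=Example Corp,c=US"
```

Comparing `parse_dn(DN_A)` with `parse_dn(DN_B)` treats the two spellings as the same name, whereas a plain string comparison or `DN_A.split(",")` does not, which matters wherever access decisions are keyed on a certificate's subject name.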