A few basic DN conventions are included in the IPRA policy. The IPRA will certify PCAs, but not CAs nor users. PCAs will certify CAs, but not users. These conventions are required to allow simple certificate validation within PEM, as described later. Certificates issued by CAs (for use with PEM) will be for users or for other CAs, either of which must have DNs subordinate to that of the issuing CA.
The attributes employed in constructing DNs will be specified in a list maintained by the IANA, to provide a coordinated basis for attribute identification for all applications employing DNs. This list will initially be populated with attributes taken from X.520. This document does not impose detailed restrictions on the attributes used to identify different entities to which certificates are issued, but PCAs may impose such restrictions as part of their policies. PCAs, CAs and users are urged to employ only those DN attributes which have printable representations, to facilitate display and entry.