Serial number and dnQualifier in QC

["Stefan Santesson" <stefan@xxxxxxxxxxx>]

Gentlemen,

I apologies for not being active in this debate but reading through the last
days of traffic on this subject makes me concerned.

First of all I don't like to do this debate all over again unless there are
some new circumstances that we didn't know about in the last round. And I
havn't found any so far...

We know that the dnQualifier have a defined semantics which is clearly
incompatible with a use as name collision eliminator within a DSA. Add to
this the fact that the concept of DSA is not completely relevant for subject
names in QC.

The fact above is confirmed with many persons that doesn't bother to say so
in this debate.

This leave us with serialNumber, which at this moment is being proposed to
be clarified in ITU X.520 by specifying that it can be used with any
"object" instead of just a "device".

This can be considered as a clarification more than a change, since the word
"device" isn't defined in X.509 anyway.

Neither is the concept of serial numbers defined and even if we all have our
own interpretation of what a serial number is, I se no reason, and no
possibility, to exactly define the concept of serialNumber more than the
current QC 03 draft already does.

For those who want to communicate the exact semantics of the code hold in
the serialNumber attribute, there is a solution by using the predefined
statement for attribute semantics in the qcStatemenets extension. Here you
can specify not only the semantics of the content but also the name
registration authority responsible for the code.

This solution is also proposed as a European standard, which currently is
prepared by ETSI.

It is also my understanding that the ITU editors has been informed by PKIX
through Stephen Kent that this issue is settled within PKIX.

I hope we all can move on from here and live with this.

/Stefan