[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: dnQualifier has a bright future?

To: "'Manger, James H'" <James.H.Manger@xxxxxxxxxxxxxxxxxxxxxxx>, "'SEIS-List'" <list@xxxxxxxxxxxxxxxxx>, "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>
Subject: RE: dnQualifier has a bright future?
From: Anders Rundgren <anders.rundgren@xxxxxxxxxx>
Date: Thu, 17 Feb 2000 16:05:09 +0100
Cc: "'Charles Moore'" <cmoore@xxxxxxxxxxxxx>, "'tgindin@xxxxxxxxxx'" <tgindin@xxxxxxxxxx>

James,
to overload the semantics of dnQualifier is probably not requested by anybody.

But we have a "situation" where we essentially only have three more or the less
bad alternatives

1. Do as QC-03 and overload serialNumber semantics.  Has so far as I can see
   been rejected already.  Note: serialNumber is still a good UID replacement.

2  "Legalize" the current wide-spread misinterpretation of dnQualifier and deprecate 
   the "true" X520 definition based on the assumption that there is virtually no
   customer-base using it

3. Define a brand new attribute and OID for this purpose (dn disambigiuer)


Personally I think that #2 would be better as it is closer to existing misuse and probably also
have direct software support (known OID)

But, #3 is OK as well although it seems that new attributes cause a lot of worries about
broken software etc.  I am not THAT worried as QCs will require new SW that currently is not
standard anyway (like browser plugins to support signing)..

Anders

Prev by Date: RE: Serial number and dnQualifier in QC
Next by Date: RE: Serial number and dnQualifier in QC
Previous by thread: Serial number and dnQualifier in QC
Next by thread: retrieving cert info from server
Index(es):
- Date
- Thread