
RE: Serial number and dnQualifier in QC



Stefan,

>The WAP definition fits well in the PKIX QC definition, they just put more
>constraints on the usage.

The constraints are such that the existence of a serialNumber is effectively a UID
and there is no need to interpret (to create the unmistakable identity) the other subject
attributes, as they are redundant.

Such certificates (with serialNumber) from a particular CA can without hesitation
be compared by a server-based RP.

That is a very clear message to someone doing an application IMO. 

Anders


/Stefan

> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren@jaybis.com]
> Sent: Thursday, February 17, 2000 16:04
> To: ietf-pkix@imc.org; 'Stefan Santesson'; 'SEIS-List';
> 'EL-SIGN@LIST.ETSI.FR'
> Cc: 'Magnus Nystrom'
> Subject: RE: Serial number and dnQualifier in QC
>
>
> Stefan,
> Do you really read this list?  Overloaded semantics has been
> questioned by many others!
>
> >Neither is the concept of serial numbers defined and even if we all have our
> >own interpretation of what a serial number is, I see no reason, and no
> >possibility, to exactly define the concept of serialNumber more than the
> >current QC 03 draft already does.
>
> For a standard that is designed to support legally binding signatures and
> INTEROPERABILITY we have then come to the point where we apparently need a
> de-facto standard instead, so we know what a serialNumber really is.
> Could someone from VeriSign PLEASE inform us how YOU
> intend to utilize serialNumbers so the world has at least
> SOMETHING to cling to?
>
> It's odd that WAP-forum actually succeeded to specify
> conditions regarding serialNumber
> that absolutely do not fit within the QC-03 draft....
>
> WAP:
>
>      "Certificate-issuing applications including this attribute in the subject name of an entity
>      must not reuse the attribute value in certificates issued to other entities"
>
> That is definitely NOT applicable to a DN disambiguer
>
> And please inform ETSI that WAP-certs (that may very well be used in legally
> demanding situations) have another identity concept.
>
> Anders
>