RE: Stray Poll: SerialNumber definition
Anders,
As you may see if you read the specified section 3.2.5.1, there are no
specific OIDs for Swedish civic registration number etc, but there is a
defined place to put such OIDs if they are defined within a local
community.
I also would like to point out the solution mentioned by David Kemp, where
you can use a policy OID with a similar effect.
Let me give you one reason/example why we can't require serialNumber to be
unique for a person.
That is the case when the serialNumber contains an employee number or
similar code, which is unique only in combination with the organization
name.
When we have:
CN="Joe Black"
O="IBM"
SN="1234"
and
CN="Joe Black"
O="SUN"
SN="1234"
Well, is this the same person Joe Black working in two different
organizations, or are these two persons with the same name who accidentally also
have the same employee number?
Well, I sure can't tell and most systems would simply not care. But I'm sure
that our scheme in QC must recognize both cases as valid. Consequently the
exact semantics must be allowed to be provided by other means (policy OID
and/or qcStatements extension).
/Stefan
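As an added illustration of the point above (example code, not from the thread and not from any QC draft), the following Python sketch shows how a relying party can derive a subject identity key from a semantics OID that the issuer declared, rather than from an assumed meaning of serialNumber. The certificate stand-in, the make_cert/identity_key/naive_same_person helpers and the semantics OIDs under the 2.999 arc (the arc reserved for examples) are all constructed for this example; the two subjects are the ones from the message above.

```python
# Added example (not from the thread): an RP-side identity key derived from a
# declared semantics OID rather than from an assumed meaning of serialNumber.

from typing import Dict, List, Optional, Tuple

# Constructed semantics OIDs under the 2.999 arc, which is reserved for
# examples. They stand in for whatever policy OID or qcStatements semantics
# identifier a CA would actually declare; they are not from the thread or
# from any standard.
SEM_WORLDWIDE = "2.999.1.1"           # serialNumber is world-wide unique
SEM_PER_ISSUER_SUBJECT = "2.999.1.2"  # unique per subject within the issuer's domain
SEM_PER_ORGANIZATION = "2.999.1.3"    # unique only together with O (e.g. an employee number)

Cert = Dict[str, object]


def make_cert(issuer: str, cn: str, o: str, sn: str,
              semantics: Optional[str] = None) -> Cert:
    """Minimal stand-in for a parsed certificate: issuer name, subject RDNs
    and the semantics OID the issuer declared (None if it declared nothing)."""
    return {"issuer": issuer,
            "subject": {"CN": cn, "O": o, "serialNumber": sn},
            "semantics": semantics}


def naive_same_person(a: Cert, b: Cert) -> bool:
    """The assumption the thread warns against: treat equal serialNumber
    values as the same subject regardless of what the CA meant by them."""
    return a["subject"]["serialNumber"] == b["subject"]["serialNumber"]


def identity_key(cert: Cert) -> Tuple:
    """Derive the key an RP may safely use to correlate a subject across
    certificates. The scope of uniqueness comes from the declared semantics;
    with no declaration, only issuer plus the complete subject DN is safe."""
    subj = cert["subject"]
    sem = cert["semantics"]
    if sem == SEM_WORLDWIDE:
        return ("serialNumber", subj["serialNumber"])
    if sem == SEM_PER_ISSUER_SUBJECT:
        return ("issuer+serialNumber", cert["issuer"], subj["serialNumber"])
    if sem == SEM_PER_ORGANIZATION:
        return ("O+serialNumber", subj["O"], subj["serialNumber"])
    # Unknown or absent semantics: fall back to the full DN within the issuer.
    return ("issuer+DN", cert["issuer"]) + tuple(sorted(subj.items()))


def count_distinct_subjects(certs: List[Cert]) -> int:
    """Number of distinct subjects an RP would see in a batch of certificates."""
    return len({identity_key(c) for c in certs})


def joe_blacks(semantics: Optional[str]) -> List[Cert]:
    """Constructed input: the two 'Joe Black' subjects from the thread,
    issued by one CA that declared the given semantics."""
    return [make_cert("CN=Example CA", "Joe Black", "IBM", "1234", semantics),
            make_cert("CN=Example CA", "Joe Black", "SUN", "1234", semantics)]


if __name__ == "__main__":
    ibm, sun = joe_blacks(SEM_PER_ORGANIZATION)
    print("naive serialNumber match:", naive_same_person(ibm, sun))       # True
    print("distinct, per-organization semantics:",
          count_distinct_subjects(joe_blacks(SEM_PER_ORGANIZATION)))       # 2
    print("distinct, world-wide semantics:",
          count_distinct_subjects(joe_blacks(SEM_WORLDWIDE)))              # 1
    print("distinct, no declaration:",
          count_distinct_subjects(joe_blacks(None)))                       # 2
```

The point of the fallback branch is the one Stefan makes: when nothing tells the RP what serialNumber means, the only safe correlation key is the whole name within the issuer's domain, so the two Joe Blacks stay separate until a declared semantics says otherwise.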
-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@jaybis.com]
Sent: Friday, February 18, 2000 5:23 PM
To: EL-SIGN@LIST.ETSI.FR; ietf-pkix@imc.org; 'Stefan Santesson'
Subject: RE: Stray Poll: SerialNumber definition
Stefan,
>This is all wrong.
>Section 3.2.5.1 gives you all the tools you need to explicitly define the
>nature of the content in the serialNumber attribute.
OK, where can I find the list of defined OIDs expressing how to interpret
serialNumber in the really impressive number of ways you provide in your posting?
Because, if a CA has to define these by itself and communicate this to all
potential RPs, it is really the CA that is setting the standard. I don't buy into
that.
Another problem is the absence of a clear default interpretation of
serialNumber semantics.
Nice list though!
/Anders
>And you can do more than just identify that the information is unique per
>user, you can also identify in what manner the information is unique (world-wide
>unique, unique per certificate in the issuer's domain, unique per
>subject in the issuer's domain, unique per subject in the specified country
>etc).
>You can even define exactly the nature of the content (Swedish civic
>registration code, Utah driver's license number, etc...)
>And more to it, you can name the registration authority (Swedish tax
>authority, Utah driver's license registry, etc...)
>All of this you already have in QC 03, what else do you need?
>/Stefan