Re: Straw Poll: SerialNumber definition
Stefan,
<snip>
>Let me give you one reason/example why we can't require serialNumber to be
>unique for a person.
This is very important: I do not REQUIRE that serialNumbers should be unique
for a person. I really think they should, but my world is not smashed into pieces if I don't get
it. Such a solution would IMO require a reinstated dnQualifier as well.
I have, though, requested simple (as I am only interested in real-world stuff, you know) additions
to QC CP requirements so that a conforming CA must DECLARE a few VERY important things like:
- Naming domain.
- How serialNumbers and other DN components are to be interpreted during the decoding of the
  unmistakable identity, and that this interpretation may or may not be X.500-friendly (using the DN as a whole).
- The reuse of the extracted identity over time versus entities.
With a fairly limited set of rules like that you can design apps with confidence and compare certs
or SNs or whatever in a defined way.
To use private OIDs for such things is IMO a waste of time, as you have to do this separately
for each CA since the OIDs are not standardized. And then there is the default-interpretation-rule trauma.
Note: No new bits and bytes. Just rules will do the trick.
<snip>
Anders
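As an added illustration of the point above (this is example code written for this page, not anything from the thread or from any PKIX specification), the following Python shows why a relying application needs the CA to declare how serialNumber and the naming domain are to be interpreted: the same two certificates compare as "same entity" or "different entity" depending on which declared rule is applied. The DN strings, the choice of C and O as the naming domain, and the rule names are all constructed assumptions for the example.

```python
from enum import Enum


class IdentityRule(Enum):
    """Two hypothetical interpretation rules a CA's CP could declare."""
    WHOLE_DN = "whole-dn"                # X.500-friendly: the entire DN is the identity
    SERIAL_IN_DOMAIN = "serial-in-domain"  # serialNumber is unique within a declared naming domain


def parse_dn(dn: str) -> dict:
    """Parse a simple 'attr=value,attr=value' DN string into a dict.

    Assumes no escaped commas or '=' in values; attribute types are
    normalised to lower case so 'serialNumber' and 'SERIALNUMBER' match.
    """
    parts = {}
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if not attr or not value:
            raise ValueError(f"malformed RDN: {rdn!r}")
        parts[attr.strip().lower()] = value.strip()
    return parts


def naming_domain(parts: dict, domain_attrs=("c", "o")) -> tuple:
    """The naming domain is assumed here to be the C and O attributes (constructed choice)."""
    return tuple(parts.get(a, "") for a in domain_attrs)


def extract_identity(dn: str, rule: IdentityRule) -> tuple:
    """Decode the 'unmistakable identity' from a subject DN under a declared rule."""
    parts = parse_dn(dn)
    if rule is IdentityRule.WHOLE_DN:
        # The whole DN, attribute order ignored, is the identity.
        return tuple(sorted(parts.items()))
    if rule is IdentityRule.SERIAL_IN_DOMAIN:
        sn = parts.get("serialnumber")
        if sn is None:
            # A CP declaring this rule must reject subjects without a serialNumber.
            raise ValueError("declared rule requires serialNumber but none is present")
        return naming_domain(parts) + (sn,)
    raise ValueError(f"unknown rule {rule!r}")


def same_entity(dn_a: str, dn_b: str, rule: IdentityRule) -> bool:
    """Compare two subject DNs in the defined way the CP declares."""
    return extract_identity(dn_a, rule) == extract_identity(dn_b, rule)


# Constructed sample subjects: one person, renewed with a corrected CN,
# and an unrelated subject from another CA that happens to reuse the serialNumber.
FIRST_CERT = "C=SE,O=Example CA,CN=J. Doe,serialNumber=SE-123456"
RENEWED_CERT = "C=SE,O=Example CA,CN=Jane Doe,serialNumber=SE-123456"
OTHER_CA_CERT = "C=SE,O=Other CA,CN=Jane Doe,serialNumber=SE-123456"
NO_SN_CERT = "C=SE,O=Example CA,CN=Jane Doe"


if __name__ == "__main__":
    for rule in IdentityRule:
        print(rule.value,
              "renewal same entity:", same_entity(FIRST_CERT, RENEWED_CERT, rule),
              "other CA same entity:", same_entity(FIRST_CERT, OTHER_CA_CERT, rule))
```

Under the whole-DN rule the renewed certificate is a different entity (the CN changed), while under the serial-in-domain rule it is the same entity and the other CA's subject is not, because the naming domain differs. Without the CA declaring which rule applies, an application has no defined way to pick one.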