Re: Straw Poll: SerialNumber definition
Charles,
>I can send you some examples of CP qualifiers that we have used in closed
>communities to do some of the things you are looking for...
Don't do that because as I say, the number of rules to MANDATORY DECLARE for a QC CA
(in plain writing, NOT as private OIDs) can't be that great. To solve the "identity crisis" that is.
It could/should be

Naming domain
    "Citizen of Guatemala"
    "VeriSign Qualified Certificate Domain"
    "Telia Mobitel"
    "IBM Corp."
    "Utah Driving License Register"

How subject DNs are to be interpreted to form the unmistakable identity (*)
    "All DN components"
    "[SN only], CN contains the name of the subject at the time of issuing"
    "[SN + OU], CN contains the name of the subject at the time of issuing"

How the CA reuses unmistakable identities (UI)
    "Never reuses an UI to another entity"
    "May reuse an UI to another entity" ; Should NOT be allowed for a QC IMO

(*) Strictly X.500 all QC-variants using the entire DN form an unmistakable identity
but that is the THEORETICAL model. The PRACTICAL model may go a few steps
further. And does so in a number of large, potentially very important PKIs.
Anders