Re: Straw Poll: SerialNumber definition



>>>>> "Denis" == Denis Pinkas <Denis.Pinkas@bull.net> writes:

 Denis> As David Kemp noticed, there are two ways to use additional
 Denis> RDN attributes:

 Denis> 1) as a disambiguator,

 Denis> Originally the idea was to add a disambiguator only in the
 Denis> case where two certificates, without the disambiguator, would
 Denis> contain identical DNs.

 Denis> 2) as a static identifier.

 Denis> Originally the idea was to use the static identifier without
 Denis> using the other DN components, which meant that the static
 Denis> identifier was sufficient to identify an individual.

 Denis> The first case means that *all* the components of the DN are
 Denis> used in conjunction with the dnq (DN Qualifier), while the
 Denis> second means that *none* of the components of the DN are used
 Denis> in conjunction with the dnq (DN Qualifier).

 Denis> In addition to these two extremes (all versus none), there are
 Denis> a number of variations where the dnq (DN Qualifier) does not
 Denis> apply to all or none, but to *some* of the components of the
 Denis> DN. This would solve other concerns raised on that thread.

Ouch.

The situation we started from is that there were two ways of
interpreting a particular attribute.  The new situation you're
pointing to is to increase that number from 2 to N.  I think that's a
large step in the wrong direction.

The problem with many standards is that they have too many options,
not too few.  Adding more stuff for the purpose of adding N-2 new
options is not a good thing at all, in my view.

	paul