
Re: Straw Poll: SerialNumber definition



Bengt Ohlsson wrote:
> 
> Stefan,
> 
> I think there is an even simpler solution to the problem
> by using the SubjectAltName extension. Just take those
> RDNs that are required to make the name unique and
> use those RDNs as a directoryName entry in the
> SubjectAltName extension. E.g. if the serialNumber
> attribute is unique by itself, then the SubjectAltName
> entry will only contain the serialNumber. This also allows
> for a QC to contain different forms of unique names for
> the same subject.
> 
> This will not affect any existing applications, since no
> new attributes are introduced. New applications that
> will use QC can use the SubjectAltName extension to
> find a name that is usable for the application.

I support this position.

We have already used the subjectAltName extension and we are
quite satisfied with it. In fact we can have more than one
of it, to insert into the certificate a variety of SN or
unique identifiers.
For example, we use it to insert our unique University ID
but a second extension could be added for standard Italian
national personal code, or for the case where the same
individual belongs to two different organizations.

Each subjectAltName is distinguished by a unique OID and
hence each application can look for the one that it is able
to deal with.

This goes in the line of having just one certificate per
person, instead of forcing people to have multiple
certificates for multiple applications.

Antonio Lioy
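The scheme discussed above, as an added example that is not part of the original thread or of any of the posters' software: a single subjectAltName extension carries a directoryName entry holding only the serialNumber RDN, an rfc822Name, and an otherName distinguished by a private type-id OID, while the subject DN stays a plain name that existing applications keep using. The lookup functions show how a relying party selects the identifier it understands by OID. The example uses the pyca/cryptography library; the subject, the identifier values and the OID arc 1.3.6.1.4.1.32473.1.1 (under the Private Enterprise Number reserved for documentation) are constructed for illustration.

```python
# Added example, not code from the mailing-list thread. Encodes several unique
# identifiers for one subject in one subjectAltName extension and looks them up
# by OID. All names, values and the private OID arc are constructed.
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Hypothetical type-id for an institution-specific otherName. 1.3.6.1.4.1.32473
# is the enterprise number reserved for documentation, so it collides with nobody.
UNIVERSITY_ID_OID = "1.3.6.1.4.1.32473.1.1"


def der_utf8string(text: str) -> bytes:
    """Minimal DER encoding of a UTF8String (short-form length only)."""
    data = text.encode("utf-8")
    if len(data) >= 128:
        raise ValueError("short-form length only")
    return b"\x0c" + bytes([len(data)]) + data


def der_decode_utf8string(der: bytes) -> str:
    """Inverse of der_utf8string; rejects anything that is not a short UTF8String."""
    if len(der) < 2 or der[0] != 0x0C or der[1] >= 128 or len(der) != 2 + der[1]:
        raise ValueError("not a short-form DER UTF8String")
    return der[2:].decode("utf-8")


def build_certificate() -> x509.Certificate:
    """Self-signed certificate: plain subject DN, per-application identifiers in the SAN."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "IT"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example University"),
        x509.NameAttribute(NameOID.COMMON_NAME, "Mario Rossi"),
    ])
    san = x509.SubjectAlternativeName([
        # Only the RDNs needed for uniqueness, as a directoryName entry.
        x509.DirectoryName(x509.Name([
            x509.NameAttribute(NameOID.SERIAL_NUMBER, "IT:RSSMRA80A01L219X"),
        ])),
        x509.RFC822Name("mario.rossi@example.edu"),
        # Institution-specific identifier, told apart by its type-id OID.
        x509.OtherName(x509.ObjectIdentifier(UNIVERSITY_ID_OID),
                       der_utf8string("UNIV-0001234")),
    ])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(san, critical=False)
        .sign(key, hashes.SHA256())
    )
    # Re-parse from DER so the lookups below see exactly what a relying party sees.
    return x509.load_der_x509_certificate(cert.public_bytes(serialization.Encoding.DER))


def _san(cert: x509.Certificate) -> x509.SubjectAlternativeName:
    return cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value


def san_directory_attribute(cert: x509.Certificate, attr_oid: str):
    """Value of attribute attr_oid from the first SAN directoryName carrying it, else None.
    This is how an application picks the name form it is able to deal with."""
    oid = x509.ObjectIdentifier(attr_oid)
    for name in _san(cert).get_values_for_type(x509.DirectoryName):
        attrs = name.get_attributes_for_oid(oid)
        if attrs:
            return attrs[0].value
    return None


def san_other_name(cert: x509.Certificate, type_oid: str):
    """Decoded value of the SAN otherName whose type-id is type_oid, else None."""
    for other in _san(cert).get_values_for_type(x509.OtherName):
        if other.type_id.dotted_string == type_oid:
            return der_decode_utf8string(other.value)
    return None


def san_emails(cert: x509.Certificate):
    return _san(cert).get_values_for_type(x509.RFC822Name)


if __name__ == "__main__":
    c = build_certificate()
    print("subject      :", c.subject.rfc4514_string())
    print("serialNumber :", san_directory_attribute(c, "2.5.4.5"))
    print("university id:", san_other_name(c, UNIVERSITY_ID_OID))
    print("e-mail       :", san_emails(c))
```

An application that does not know the university OID simply never matches it, and one that only understands the subject DN is unaffected, which is the compatibility point made above. Note that the serialNumber lives in the directoryName entry as a regular X.500 attribute, so it is addressed by its attribute OID (2.5.4.5), whereas the otherName is addressed by its own type-id.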