
RE: Global unique identifier



Denis,

>In RFC 2459 paragraph 4.1.2.6 we have : "The DN MUST be unique for
>each subject entity certified by the one CA as defined by the issuer
>name field". There is no requirement to make the DN unique across
>multiple CAs. 

Agreed, and I think the definition is OK.

>Adding this requirement would either break RFC 2459 or build
>something very different. Today, when a DN is used, it is a DN from
>a given CA.

Unless they conform to an "external naming/identification scheme".  But that does not
break 2459, it just extends it.

<snip>

>Now let us make the assumption that we introduce an explicit naming
>domain information (or naming authority information) in some form of
>name. Note that this topic does not apply only to the permanent
>identifier but could apply as well to the DN: this is why it should
>be discussed on a different thread. 

I definitely agree that this applies to the entire DN.

>As a conclusion, this particular aspect should be discussed on a
>separate thread (I have called it "Global unique identifier" but you
>may use any other name you prefer, as long as it is not "permanent
>identifier").

New thread? No problem!  Regarding global unique identifier I would prefer
that the external naming domains were registered centrally as they will be few.

Essentially only one per country at maximum.   Companies etc. and commercial
issuers like VeriSign will use CA-specific naming domains I suppose?

Anders
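The rule quoted at the top of this exchange (RFC 2459 4.1.2.6: a subject DN must be unique per subject entity within one CA, but not across CAs) is easy to get wrong in relying-party code that indexes certificates by subject name alone. The following is an added illustration, not code from the original message or from either correspondent: it normalises RFC 2253-style DN strings, audits a constructed set of certificate records for the per-CA rule, and shows that the only collision-free identity key is the (issuer, subject) pair. The record layout, the `entity` label standing in for "subject entity", and the sample DNs are all assumptions made for the example.

```python
"""Audit RFC 2459 4.1.2.6 subject-DN uniqueness over a set of certificate records.

Constructed example: each record carries issuer and subject DNs as RFC 2253
strings plus an 'entity' label (think: subject public key fingerprint) that
identifies the real-world subject entity the certificate was issued to.
"""
from collections import defaultdict


def parse_dn(dn: str):
    """Split an RFC 2253-style DN into a tuple of (type, value) pairs.

    Backslash-escaped commas are honoured; attribute types are upper-cased and
    values are compared case-insensitively with collapsed whitespace, which
    approximates the X.520 caseIgnoreMatch rule for the common string types.
    Multi-valued RDNs ('+') are not handled; this is a deliberate simplification.
    """
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character, take it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    out = []
    for rdn in rdns:
        attr_type, _, value = rdn.partition("=")
        out.append((attr_type.strip().upper(), " ".join(value.split()).lower()))
    return tuple(out)


def identity_key(cert):
    """The only key that is unique under RFC 2459: issuer DN plus subject DN."""
    return (parse_dn(cert["issuer"]), parse_dn(cert["subject"]))


def audit(certs):
    """Return (violations, shared_subjects).

    violations: (issuer, subject, sorted entity labels) where one CA reused a
                subject DN for more than one entity (forbidden by 4.1.2.6).
    shared_subjects: subject DNs that appear under more than one issuer
                (permitted by the RFC, but ambiguous if keyed by subject alone).
    """
    per_ca = defaultdict(lambda: defaultdict(set))   # issuer -> subject -> entities
    issuers_for_subject = defaultdict(set)           # subject -> issuers
    for cert in certs:
        issuer, subject = identity_key(cert)
        per_ca[issuer][subject].add(cert["entity"])
        issuers_for_subject[subject].add(issuer)
    violations = [
        (issuer, subject, sorted(entities))
        for issuer, subjects in per_ca.items()
        for subject, entities in subjects.items()
        if len(entities) > 1
    ]
    shared = [s for s, issuers in issuers_for_subject.items() if len(issuers) > 1]
    return violations, shared


# Constructed sample records (hypothetical CAs and subjects).
SAMPLE_CERTS = [
    {"issuer": "CN=CA Alpha,O=Example", "subject": "CN=Jane Doe,O=Acme", "entity": "key-A1"},
    # Renewal for the same entity; DN differs only in case and spacing, so it matches.
    {"issuer": "CN=CA Alpha,O=Example", "subject": "cn=jane doe, o=acme", "entity": "key-A1"},
    {"issuer": "CN=CA Alpha,O=Example", "subject": "CN=John Smith,O=Acme", "entity": "key-A2"},
    # Same CA, same DN, different entity: this is the forbidden case.
    {"issuer": "CN=CA Alpha,O=Example", "subject": "CN=John Smith,O=Acme", "entity": "key-A3"},
    # Another CA certifying a subject with the same DN: allowed by the RFC.
    {"issuer": "CN=CA Beta,O=Other", "subject": "CN=Jane Doe,O=Acme", "entity": "key-B1"},
]

if __name__ == "__main__":
    bad, shared = audit(SAMPLE_CERTS)
    for issuer, subject, entities in bad:
        print("VIOLATION:", issuer, subject, entities)
    for subject in shared:
        print("subject DN issued by several CAs (key by issuer+subject):", subject)
```

The audit reports the John Smith reuse under CA Alpha as a violation while treating the two Jane Doe certificates from different CAs as legitimate, which is exactly the distinction the thread draws; any cache, ACL or audit index should therefore be keyed on `identity_key()` rather than on the subject DN by itself.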