Why don't using Permanent Identifier on QC certificates?
In the QC draft is stated:
"...The serialNumber attribute type SHALL, when present, be used to
differentiate between names where the subject field would otherwise
be identical. This attribute has no defined semantics beyond
ensuring uniqueness of subject names. It MAY contain a number or
code assigned by the CA or an identifier assigned by a government or
civil authority. It is the CA's responsibility to ensure that the
serialNumber is sufficient to resolve any subject name collisions..."
and in the Permanent Identifier draft:
Sorry if this discussion has happened before, but I don't know if there is
some final statement:
"... A serialNumber attribute may be used for two
different purposes in the DN of a person:
1) In a DN or a SubjectAltName to differentiate between
two names (for two different individuals) that otherwise
would not be different.
2) In the identifier field from a permanent identifier.
This is the recommended use for national ID's and
employee ID's, for example. ..."
Now, consider this:
a person has a unique identifier, assigned by a government authority, which is
guaranteed to be unique on a national scope (country domain).
How can this identifier be incorporated into a certificate?
SerialNumber or SubjectAltName field? When I read the QC profile
"...identifier assigned by a government or civil authority...", and then the PI
draft says "... This is recommended use for national ID's...", I am confused.
Why does the QC not use Permanent Identifier?
There are some applications which need to incorporate this class of personal
identifier. For example, in my country (CHILE) each person has a unique ID
stamped on a card (this card has the photograph and handwriting too), and
this is broadly recognized for identification. One can do many
transactions which need this ID to proceed.
Thanks in advance
Juan Carlos Pérez A.
Acepta.com
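
As an added illustration, not part of the original message or of either draft: the two placements the question contrasts, encoded as DER in Python. The PermanentIdentifier layout and OID follow RFC 4043 as later published (the draft quoted above may differ); the identifier value is a constructed sample and the function names are hypothetical.

```python
# Added example: DER for the same national ID placed in the subject DN
# (serialNumber attribute) and in SubjectAltName (Permanent Identifier).
OID_SERIAL_NUMBER = "2.5.4.5"            # X.520 serialNumber attribute
OID_PERMANENT_ID = "1.3.6.1.5.5.7.8.3"   # id-on-permanentIdentifier (RFC 4043)
PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                "0123456789 '()+,-./:=?")  # PrintableString alphabet


def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body


def oid(dotted: str) -> bytes:
    """Encode a dotted OID; each arc is base-128, high bit marks continuation."""
    first, second, *rest = (int(x) for x in dotted.split("."))
    body = bytearray([40 * first + second])
    for arc in rest:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))


def serial_number_rdn(value: str) -> bytes:
    """RDN: SET { SEQUENCE { serialNumber OID, PrintableString (SIZE 1..64) } }."""
    if not 1 <= len(value) <= 64 or not set(value) <= PRINTABLE:
        raise ValueError("serialNumber must be a PrintableString of 1..64 chars")
    return tlv(0x31, tlv(0x30, oid(OID_SERIAL_NUMBER)
                         + tlv(0x13, value.encode("ascii"))))


def permanent_identifier_san(value: str, assigner: str = "") -> bytes:
    """GeneralName otherName [0] carrying an RFC 4043 PermanentIdentifier."""
    fields = tlv(0x0C, value.encode("utf-8"))       # identifierValue UTF8String
    if assigner:
        fields += oid(assigner)                     # optional assigner OID
    wrapped = tlv(0xA0, tlv(0x30, fields))          # value [0] EXPLICIT
    return tlv(0xA0, oid(OID_PERMANENT_ID) + wrapped)


SAMPLE_ID = "12345678-5"   # constructed sample value, not a real identifier

if __name__ == "__main__":
    print("subject RDN :", serial_number_rdn(SAMPLE_ID).hex())
    print("SAN entry   :", permanent_identifier_san(SAMPLE_ID).hex())
```

The DN form carries only the bare value under an attribute with no defined semantics, while the otherName form is typed by its own OID and can name the assigning authority through the optional `assigner` field.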