[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: National Identifier into Serial Number or SubjectAltName?
- To: "Ietf-Pkix" <ietf-pkix@xxxxxxx>
- Subject: RE: National Identifier into Serial Number or SubjectAltName?
- From: "Oscar Conesa" <oconesa@xxxxxxxxx>
- Date: Wed, 20 Dec 2000 17:45:39 +0100
- References: <>
In Spain we have the same problem. Now, we use one propietary OID
(1.3.6.1.4.1.4710.1.3.1, Safelayer) in the Subject DN to codify
the spanish personal number identificaction (NIF, Numero de identificion fiscal).
We know that is not a good solution.
I think that PI is better than propietary OID.
Thanks
Oscar Conesa
Dtor Tecnico de FESTE
----- Original Message -----
From: Juan Carlos Perez Aguayo <juancarlos.perez@acepta.com>
To: Robert Moskowitz <rgm-sec@htt-consult.com>
Cc: Ietf-Pkix <ietf-pkix@imc.org>
Sent: Wednesday, December 20, 2000 5:57 PM
Subject: National Identifier into Serial Number or SubjectAltName? (Was: Why don't using
Permanent Identifier on QC certificates?)
> May be isn't a good idea to incorporate Permanet Identifier into a QC, as
> Anders Rundgren did say to me:
>
> "...If you use QC DN must be unique so you really do not have an alternative
> but keep SerailNymber
> and insert a redundant SerialNumber in a PI entry.
>
> That's why I think PI is wrong. ..."
>
> My principal concern is about how to incorporate a national ID into a
> certificate, in a interoperable fashion.
>
> I don't know how many countries has National IDs, and if is desired that
> such ID could be to incorporated into a digital certificate, but in my
> country (CHILE) so happen, and I wish to using a standard solution...
>
> I think that QC is a good solution for certificates issued only a physical
> people, and when a require a unique statement of identity
>
> I like PI solution, mainly because I think that "Permanent Identifier" ia a
> separate concept, and should be outer the DN, but I am concern about how
> many support into the PKIX WG the PI has currently. Seem that QC has better
> support today.
>
> I am the Chief Technology Officer of a newly Certification Authority in my
> country (we are currently not in production yet, but soon I hope :) ), and I
> am strongly supporting "PKIX standards" for our certificates.
>
> If you are not interested in a discussion on Chilean National IDs and
> certificates, you might skip the
> rest of this message.
>
> In my country , Chile, the Civil Registry Authority issue a unique
> identifier (on a national domain) on birth. This ID is put into a plastic
> "identification card" (and biometrics information is on the card too). Every
> citizen has a ID. This ID is used for many transactions: tax pay, obtaining
> bank accounts, voting, ... Then I think that is nice to incorporate this ID
> into a certificate, as a "virtual" identification card (whidauth photo and
> biometrics).
>
> The companies must to obtain a ID assigned by the authoruty too. This ID
> uniquely identify the company into the country.
>
>
> Which do you think that is the PI draft future support?
>
> Thanks
>
> Juan Carlos Perez Aguayo
> CTO
> Acepta.com
> juancarlos.perez@acepta.com
>
>