
RE: National Identifier into Serial Number or SubjectAltName? (Was: Why don't using Permanent Identifier on QC certificates?)




[snip]

>
> > I like the PI solution, mainly because I think that "Permanent Identifier" is a
> > separate concept, and should be outside the DN, but I am concerned about how
> > much support the PI currently has in the PKIX WG. It seems that QC has better
> > support today.
>
> No one yet supports QCs. Then supporting QC does not necessarily mean
> supporting all the features described in QC. A good combination would be to
> use both QC and PI. This means that the *optional* serial number used in the
> DN would not usually be present as soon as the PI extension is present.
>
>

I understand that SerialNumber isn't *optional*, because DN has to be
unique, if the CN isn't unique.

For example, two persons that have equal names (CN, givenName):

C= CL, O= My org, OU = my Unit, CN = Jhon Davis and National ID 123
C= CL, O= My org, OU = my Unit, CN = Jhon Davis and National ID 444

Using QC, it is necessary to incorporate the National ID into the DN for uniqueness =>
SerialNumber = 123 and SerialNumber = 444

If we can use non-unique DNs, we can put the PI for identity uniqueness into
the QC.

regards

Juan Carlos