RE: Updating RFC 3039 - and its impact on PI
Stefan,
I see 2 different points here:
1.- In which context should we discuss a PI solution?
I believe the PI document is well justified and this discussion is proving
that.
2.- Should we use DN or GN to codify PIs?
This point was analysed previously. In my opinion there are good reasons to
prefer GN:
a) DNs are overloaded enough and especially the subject field, this field
should be as international as it is possible. A PI is typically a locally
assigned value, so it is not a good idea to put it in the subject.
b) One person could have many PIs of different type, like passport number,
security number, client number and another passport number (double
nationality or a passport number assigned for commercial purposes).
c) One PI value identifies an entity by itself, so it is not natural to put
this value in a Directory Information Tree, because this will always be a
2-level tree.
d) In essence, a PI is another way to call an entity, so it is very
natural to use OtherName in SubjectAltName extension.
Best regards,
Roberto Opazo
> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On
> behalf of Stefan Santesson
> Sent: Tuesday, March 19, 2002 12:27
> To: ietf-pkix@xxxxxxx
> Subject: RE: Updating RFC 3039 - and its impact on PI
>
>
>
> Maybe I should clarify myself.
>
> I believe that many of the functionality aspects that PI was designed to
> meet are achieved by defining semantics of data stored in DN attributes.
>
> I just want to invite people who think they need the PI solution to see
> what they can do with attribute semantics and open the discussion to
> suggestions that would further improve this solution.
>
> Maybe this would reduce the need for a separate PI solution to the extent
> where it's just not justified to make YAP. But I remain open to that issue.
>
> /Stefan
>
>
> At 17:36 2002-03-15 -0400, Roberto Opazo Gazmuri wrote:
>
> > > > > Finally I believe that a revision of RFC 3039 should include
> > > > > considerations to avoid the need for a PI extension according to
> > > > > the PI draft.
> > > > >
> > > > > I can't see that the PI draft accomplishes anything that RFC 3039
> > > > > doesn't already solve, or at least would solve after revision.
> > > >
> > > > The revised document will not be able to solve what the PI document
> > > > covers since the PI document applies to *any entity* whereas the
> > > > revised RFC 3039 document is planned to apply only to *personal ID
> > > > certificates*. Maybe the revised RFC 3039 could take advantage and
> > > > refer to the PI document.
> > >
> >
> >I agree.
> >
> >The PI purpose is important enough to be in an independent discussion and
> >RFC, even considering that QC could be modified to apply to any entity.
> >
> >Best regards,
> >
> >Roberto