
Re: new version of draft on additional x509 certificate schema forLDAP






Peter Gietz wrote:


As to sn vs x509SerialNumber: serialNumber was defined in X.520 and RFC 2256 as:

"This attribute contains the serial number of a device."

It thus was rather meant for hardware than for software. But it seems that it is now quite regularly used in the pkix context. My question is:
1.) should both attributes exist in parallel,
2.) or should I rather exchange x509SerialNumber with the RFC 2256 attribute serialNumber (in analogy to the attribute mail taken from RFC 2798),
3.) or should we try to standardize the sole use of x509serialNumber

The syntax for serialNumber is 1.3.6.1.4.1.1466.115.121.1.44 (Printable String) and does not have an ordering matching rule.


Since it is a string, all kinds of things appear there; it is not uncommon to see different hex encodings used, and you have to get it right every time: left zero filling or not, separating colons or not, etc. If serialNumber is used, it should be very well defined how the integer is encoded.

I think that further use of serialNumber to hold certificate serial numbers should be discouraged.

Julio
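An added illustration of the encoding problem raised in this reply (example code, not from the thread; the sample attribute values are constructed): the same certificate serial number stored as a Printable String can look very different from one directory to the next, a digits-only value cannot be told apart as decimal or hex, and without an ordering matching rule a string comparison does not give numeric order.

```python
import re

# Constructed sample values: the same serial number (0x0a1b2c, decimal
# 662316) as different tools might write it into a string attribute.
HEX_FORMS = [
    "0A1B2C",        # upper-case hex, no separators
    "0a1b2c",        # lower-case hex
    "0a:1b:2c",      # colon-separated octets, OpenSSL "text" style
    "00:0A:1B:2C",   # leading zero octet, as DER writes positive INTEGERs
    "000a1b2c",      # left zero-filled to a fixed width
    "0x0a1b2c",      # C-style prefix
]
DECIMAL_FORM = "662316"

_HEX_RE = re.compile(r"^(?:0x)?[0-9a-f]+$")


def hex_serial_to_int(value):
    """Interpret a serial-number string as big-endian hex, tolerating case,
    colon or whitespace separators, a 0x prefix and leading zeros.
    Raises ValueError for anything that is not hex at all."""
    s = re.sub(r"[\s:]", "", value.strip().lower())
    if not _HEX_RE.match(s):
        raise ValueError("not a hex serial number: %r" % value)
    if s.startswith("0x"):
        s = s[2:]
    return int(s, 16)


def is_radix_ambiguous(value):
    """A value made only of decimal digits parses both as decimal and as hex,
    so its meaning depends on a convention the schema never states."""
    return re.sub(r"[\s:]", "", value.strip()).isdigit()


def canonical_serial(n):
    """One possible well-defined form an encoding rule could mandate:
    lower-case hex, no separators, even digit count, minimal padding."""
    h = "%x" % n
    return h if len(h) % 2 == 0 else "0" + h


def lexical_order_as_ints(values):
    """Sort the strings as a server without an ordering rule would, then
    show the numeric values in that order (usually not ascending)."""
    return [hex_serial_to_int(v) for v in sorted(values)]
```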