[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-pkix-pi-06.txt

To: <ietf-pkix@xxxxxxx>
Subject: Re: I-D ACTION:draft-ietf-pkix-pi-06.txt
From: "Anders Rundgren" <anders.rundgren@xxxxxxxxx>
Date: Mon, 13 Jan 2003 08:51:48 +0100
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <KEEFKKJBKLJCPONFLKDLMEIFDPAA.roberto@opazo.cl> <009401c1b5a3$ea927cd0$0500a8c0@arport> <3C6CEE7D.CDEA4B79@bull.net> <012201c1b633$93cd09c0$0500a8c0@arport> <3C70C411.474F1354@bull.net>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

In the Nordic region TTP CAs are slowly but surely supporting
a total of 15 million citizens using "implicit" PI-schemes
as described on the next line:

Subject: CN=Maria Svensson, serialNumber=43566, C=SE

Now, how should they preferably convert to using the PKIX PI profile?
(it is of some value to know that these profiles are compatible
with RFC3039 which requires DNs to be unique)


Variant 1. Redundantly storing the citizen code in each EE-cert:
Subject: CN=Maria Svensson, serialNumber=43566, C=SE
PI Assigner Authority: http://government.se/citizens
PI Value: 43566



Variant 2. Adding a nonsense disambiguer code to the subject DN:
Subject: CN=Maria Svensson, serialNumber=6, C=SE
PI Assigner Authority: http://government.se/citizens
PI Value: 43566


It there a variant 3?


Cheers,
Anders

Prev by Date: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Next by Date: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Previous by thread: I-D ACTION:draft-ietf-pkix-ocsp-dpvdpd-00.txt
Next by thread: SubjectAltName comparison question.
Index(es):
- Date
- Thread