At 17:57 2003-03-11 +0100, Denis Pinkas wrote:
>I do kown that in fact 676767666767 would allow to uniquely identify the individual, but this is not the semantics of that attribute.
Denis,
Where is the semantics broken?
The serialNumber attribute type SHALL, when present, be used to differentiate between names where the subject field would otherwise be identical. This attribute has no defined semantics beyond ensuring uniqueness of subject names. It MAY contain a number or code assigned by the CA or an identifier assigned by a government or civil authority. It is the CA's responsibility to ensure that the serialNumber is sufficient to resolve any subject name collisions.
Who says that a serial number need to start with 1 and be sequential with increment = 1
You have only to look at most software products, TV sets or similar to see another truth.
676767666767 is a perfectly fine serial number to me.
/Stefan
_____________________________ Stefan Santesson, Retrospekt AB http://www.retrospekt.com +46-706 443351