
Re: X.509 certificate and its subject name field



From: Denis Pinkas <D.Pinkas@frcl.bull.fr>

> (Shyh-Wei Luan) wrote:

> > CA names will become a scarce resource in years and need to be reused.

> I would agree with that statement which would be a nice requirement ...

> > Thus I think CAs should also be assigned SUIDs by their certifying CAs.

>       .... but saying that the issuer Unique ID is the solution
>            is not the right answer  ... until there is a whole story
>            about how to use/manage it.

I am not saying that "issuer UID" should be used.  As a matter of fact,
I oppose the use of the issuer UID field.  What I am saying is that
a CA certifying other CAs can use *Subject UID* to address name reuse
(or name changes).  The following is the text that I object to.

>    CAs conforming to this profile should not reuse issuer names.
>    Therefore they should not generate cross-certificates that
>    incorporate a subject unique identifier.

For example, the US Department of Commerce can certify Company X's CA with
Subject UID 123 today, and Company X can go out of
business, say, at the end of this year. The Department can choose to certify a
different entity, say, 15 years later, as Company X with Subject UID 456.

Shyh-Wei
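The scenario above (one certifying CA, a subject name bound to two different entities at different times, kept apart by subjectUniqueID in the cross-certificate), as an added worked example that is not part of the thread or of any PKIX text. The certifying CA, entity names, years and UID values are made up; the DER routines encode only the one TBSCertificate field under discussion, `subjectUniqueID [2] IMPLICIT UniqueIdentifier` where `UniqueIdentifier ::= BIT STRING`, and handle whole-octet values only:

```python
"""Added example: tracking reused subject names with subjectUniqueID.

Not from the PKIX thread. The certifying CA, the two "Company X" entities,
the years and the UID values are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CrossCert:
    issuer: str
    subject: str
    subject_uid: bytes      # subjectUniqueID value (BIT STRING, whole octets here)
    not_before: int         # validity given as years, for brevity
    not_after: int
    entity: str             # the legal entity actually certified (CA's own records)


class CertifyingCA:
    """Assigns a fresh subjectUniqueID whenever a subject name is bound to a
    different entity than before; re-issuing to the same entity keeps its UID."""

    def __init__(self, name):
        self.name = name
        self._issued = []       # every cross-certificate ever issued
        self._next_uid = 1

    def certify(self, subject, entity, not_before, not_after):
        prior = [c for c in self._issued if c.subject == subject]
        same_entity = [c for c in prior if c.entity == entity]
        if same_entity:
            uid = same_entity[-1].subject_uid          # renewal: keep the UID
        else:
            uid = self._next_uid.to_bytes(4, "big")    # name reuse or first use
            self._next_uid += 1
        cert = CrossCert(self.name, subject, uid, not_before, not_after, entity)
        self._issued.append(cert)
        return cert

    def find(self, subject, uid=None, at=None):
        """Name-only lookup is ambiguous once a name has been reused;
        name plus subjectUniqueID (or a point in time) picks one certificate."""
        hits = [c for c in self._issued if c.subject == subject]
        if uid is not None:
            hits = [c for c in hits if c.subject_uid == uid]
        if at is not None:
            hits = [c for c in hits if c.not_before <= at <= c.not_after]
        return hits


# DER for `subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL`,
# UniqueIdentifier ::= BIT STRING. Implicit tagging replaces the BIT STRING
# tag (0x03) with the context-specific primitive tag [2] (0x82); the content
# still begins with the unused-bits count octet (0 for whole-octet values).
def der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_subject_uid(uid):
    content = b"\x00" + uid          # 0 unused bits
    return b"\x82" + der_length(len(content)) + content


def decode_subject_uid(der):
    """Parse one [2] IMPLICIT BIT STRING; returns (uid_bytes, octets_consumed)."""
    if der[0] != 0x82:
        raise ValueError("not a subjectUniqueID element")
    if der[1] < 0x80:
        n, off = der[1], 2
    else:
        k = der[1] & 0x7F
        n, off = int.from_bytes(der[2:2 + k], "big"), 2 + k
    content = der[off:off + n]
    if content[0] != 0:
        raise ValueError("partial-octet BIT STRING not handled in this example")
    return content[1:], off + n


def scenario():
    """The thread's example: 'Company X' certified, defunct, then the name
    given to an unrelated entity 15 years later under a different UID."""
    doc = CertifyingCA("US Department of Commerce")        # constructed
    first = doc.certify("Company X", "Company X Inc. (original)", 1996, 1996)
    later = doc.certify("Company X", "Company X LLC (unrelated)", 2011, 2021)
    renewed = doc.certify("Company X", "Company X LLC (unrelated)", 2021, 2026)
    by_name = doc.find("Company X")                         # three hits: ambiguous
    by_uid = doc.find("Company X", uid=first.subject_uid)   # exactly the 1996 cert
    return first, later, renewed, by_name, by_uid


if __name__ == "__main__":
    first, later, renewed, by_name, by_uid = scenario()
    print("name-only hits:", len(by_name), "| by UID:", [c.entity for c in by_uid])
    print("DER:", encode_subject_uid(later.subject_uid).hex())
```

The lookup by name alone returns every certificate ever issued to "Company X"; the pair (name, subjectUniqueID) returns one, and a renewal to the same entity keeps its UID, which is what lets a relying party or the Department itself tell the 1996 Company X from the 2011 one without any issuerUniqueID in the certificates Company X's CA goes on to issue.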