RE: Qualified Certificates and the 43:d IETF Meeting

[Hans Nilsson <hans.nilsson@xxxxxxxxxxx>]

David: 

In Sweden we originally specified the usage of uniqueIdentifier as the place
to put a "distinguisher", but we found out that no existing products could
display it (and other BIT STRINGS) properly, and might even crash, so that
is why we switched to Serial Number. 

Russ: Where and how is dnQualifier specified?

Regards
Hans

-----Original Message-----
From: david chadwick [mailto:d.w.chadwick@iti.salford.ac.uk]
Sent: Thursday, December 10, 1998 7:04 PM
To: Russ Housley
Cc: Stefan Santesson; secstan; ietf-pkix@imc.org
Subject: Re: Qualified Certificates and the 43:d IETF Meeting




Russ Housley wrote:

> Nick & Stefan:
>
> >>2)The standard attribute dnQualifier could be used instead of
serialNumber
> >>(Th attribute "serialNumber is defined in RFC 2256 as being the serial
> >>number of a device).
> >>
> >

The X.500 standard defines a uniqueIdentifier attribute that might be better
suited to the semantics than either serial number or dnQualifier.
David


>
> >Yes, the SN is not in complete harmony regarding its definition and its
> >use. However several other standardisation proposal has choosen SN for
> >personal identifiers. The rationale behind that choice have been that
most
> >applications support and displays this attribute in a correct way.
> >
> >Is there an installed base using "dnQualifier" ?
>
> We include support of dnQualifier.
>
> I strongly prefer dnQualifier over serialNumber.
>
> Russ