
RE: Comments to Qualified Certificates draft



Comments in line.

At 10:49 AM 2/18/99 +0100, Anders Rundgren wrote:
>--- Message on the SEIS mailing list (list@seis.nc-forum.com)
>
>Hi,
> >The subject field SHALL include one of the following choices of sets of
> >mandatory attributes:
>     >Choice  I:  countryName commonName
>     >Choice II:  countryName givenName surname
>      snip..
>   >The countryName attribute value specifies a general context in which
>   >other attributes are to be understood. The country attribute does not
>   >necessarily match the subject's country of citizenship or country of
>   >residence, nor does it have to match the country of issuance.
>
>To me, this loose specification makes countryName redundant.  The issuer
>domain should be enough to know how to interpret attributes. SUBJECT
>countryName just adds confusion unless it denotes citizenship or
>residence.  None of the latter should affect interpretation though.

The CountryName attribute is optional. If you find it redundant, then leave
it out. There are on the other hand many certificates that do use this
attribute so I would not prevent it from being used.

>
>A completely other comment regarding the sample certificate.  The sample
>is in my opinion not very typical.  It contains birth data and gender.
>I would say that for e-commerce this kind of data is undesirable.
>I believe that in reality dnQualifier of the CA or the subject
>organization is what we will see.  For employment certificates birth,
>sex, and nationality are of no interest.
>This is established by other means (in the cases you really care) and
>stored somewhere else.
>For personal ID-cards organization and role is of no interest.
>So my question is: What kind of use do you anticipate that your
>sample certificate would have?  This is a little bit off track but unless
>you go into apps it is hard to have opinions about attributes,
>interpretations etc.  Suggestion: Make a few more samples for different
>purposes.
>

The purpose of the example certificate is only to show an example of how
the profile may be implemented. It does NOT imply that the present
attributes SHALL be present in any specific application.

>On a physical card personal data may be of interest to establish the
>connection between the person and the card/certificate.  But what is
>inside the certificate, is a different story.

I guess I lost you here.

>
>Just my 2 öres.
(What does this mean???? ;-) )

>
>Anders Rundgren
>Senior Internet e-commerce Architect
>
>

/Stefan
-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB     
Lotsgatan 27 D                  Tel. +46-40 152211              
216 42  Malmö                   Fax. +46-40 150790              
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------