
Re: QC comparisons are DEADLY serious!

Stephen Kent <kent@po1.bbn.com> writes:

>In version 2 X.509 certs there was a field added for unique subject and 
>issuer IDs.  It was a bad idea, designed to address what appear to be some 
>of the issues you alluded to above; nobody uses it.

Well, nobody's *supposed* to use it, but it was used briefly in SEIS certs
(it's now been replaced by a cert extension).  The style guide has the
following comment on unique identifiers:

uniqueIdentifier

  There are at least two incompatible objects called uniqueIdentifier, the
  first is an attribute defined in 1991 in RFC 1274 with string syntax, the
  second is an attribute defined in 1993 in X.520v2 with BIT STRING syntax.
  LDAPv2 used the RFC 1274 interpretation, RFC 2256 changed the name for the
  X.520 version to x500uniqueIdentifier for use with LDAPv3.  There is also a
  uid attribute defined in RFC 1274, this is different again.

There are also proprietary equivalents for uniqueIdentifiers which I haven't
mentioned in the guide, e.g. the Telesec nameDistinguisher.  X.520 also has some
other uniqueXXX attribute [pause] uniqueMember whose purpose I don't recall.

Peter.
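Added example, not from Peter's post or the style guide it quotes: a small DER tag check that tells the RFC 1274 string form of uniqueIdentifier from the X.520v2 BIT STRING form, which is the distinction a decoder has to make when the two collide. The function names and the sample byte strings are my own constructions, not values from any real certificate.

```python
# Added example, not from the original post: classify a DER-encoded
# uniqueIdentifier value by its ASN.1 tag, separating the RFC 1274 string
# syntax from the X.520v2 BIT STRING syntax the style guide comment contrasts.
# Assumes a single definite-length primitive element; samples are constructed.

STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString",
               0x14: "T61String", 0x16: "IA5String"}
BIT_STRING_TAG = 0x03

def decode_tlv(data: bytes):
    """Return (tag, contents) for one definite-length DER element."""
    if len(data) < 2:
        raise ValueError("truncated element")
    tag, first = data[0], data[1]
    if first & 0x80 == 0:                      # short-form length
        length, offset = first, 2
    else:                                      # long form: 0x8N + N octets
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad long-form length")
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
    if len(data) != offset + length:
        raise ValueError("length does not match element size")
    return tag, data[offset:]

def classify_unique_identifier(data: bytes) -> dict:
    """Report which uniqueIdentifier syntax a DER value actually carries."""
    tag, contents = decode_tlv(data)
    if tag == BIT_STRING_TAG:
        # X.520 form: first octet counts unused trailing bits in the last octet
        if not contents or contents[0] > 7:
            raise ValueError("malformed BIT STRING")
        bits = len(contents[1:]) * 8 - contents[0]
        return {"syntax": "X.520v2 BIT STRING", "bits": bits,
                "value": contents[1:].hex()}
    if tag in STRING_TAGS:
        # RFC 1274 form: a character string; decode ASCII/UTF-8 types, hex others
        text = (contents.decode("utf-8") if tag in (0x0C, 0x13, 0x16)
                else contents.hex())
        return {"syntax": "RFC 1274 string",
                "string_type": STRING_TAGS[tag], "value": text}
    raise ValueError(f"tag 0x{tag:02x} is neither uniqueIdentifier syntax")

# Constructed samples: the identifier "42" in the two incompatible encodings.
RFC1274_SAMPLE = bytes([0x13, 0x02]) + b"42"     # PrintableString "42"
X520_SAMPLE = bytes([0x03, 0x02, 0x00, 0x42])    # BIT STRING of 8 bits
```

Feeding one form to code written for the other is the interoperability failure the guide warns about; a decoder that does not check the tag first will misread the bytes rather than reject them.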