RE: dnQualifier topic - not solved yet.
-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@jaybis.com]
Sent: Tuesday, 30 November 1999 8:59
To: Charles Moore; ietf-pkix@imc.org; Stefan Santesson
Subject: Re: dnQualifier topic - not solved yet.
Charles,
>a) Document the use of options 1 and 2 as they have already been implemented
>and are in use...
>b) Define a new attribute within the RFC something like 'distinguishing
>qualifier' with a description something like "The Distinguishing Qualifier
>attribute type specifies disambiguating information used to uniquely
>identify a subject".
dnQualifier supports disambiguation right now AFAIK but has been used as a
unique identifier as well. That makes its use ambiguous and semantics unclear.
cm> The standard is ambiguous enough to legitimately use it for the
purpose... So we must deal with this reality...
>
>A value of the 'distinguishing qualifier' attribute identifies and conveys
>qualifier information for the subject, and is only used if disambiguation is
>required (needed to meet privacy concerns, i.e. to prevent national ID type
>usage).
The quest is for a suitable unique identifier to be used not only by
national ID schemes but within companies.
cm> Agreed, but I want its use to be optional, i.e. not mandated in all
certs, as this causes real privacy issues within my country.... The (...)
stuff is for info, not normative...
serialNumber has a lousy name but since serial numbers normally are unique a
changed text should not change any actual usage. I.e. my vote is on
serialNumber and updated semantics.
cm> I believe that semantics are important, and the overloading is a
problem... I don't believe that this attribute has different semantics that
has already been used by many systems, overloading will cause problems...
I agree there is no perfect solution, my proposal was to document what we
have, and provide a migration solution we can all live with...
Anders