[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dnQualifier topic - not solved yet.

To: Stefan Santesson <stefan@xxxxxxxxxxx>
Subject: Re: dnQualifier topic - not solved yet.
From: John Saylor <john.saylor@xxxxxxxxxxxxxxxxxx>
Date: 30 Nov 1999 09:05:05 -0500
Cc: ietf-pkix@xxxxxxx
In-reply-to: Stefan Santesson's message of "Tue, 30 Nov 1999 13:41:36 +0100"
Organization: CyberTrust
References: <>
Sender: jsaylor@xxxxxxxxxxxxxxxxxxxxxxx
User-agent: Gnus/5.070099 (Pterodactyl Gnus v0.99) XEmacs/21.1 (20 Minutes to Nikko)

Hi

>>>>> "SS" == Stefan Santesson <stefan@accurata.se> writes:

 SS> And that is to use the serialNumber attribute.

 SS> The good thing about selecting serialNumber is that it is widely
 SS> implemented anyway, it works and it has a short OID.

Yes, but the bad part is that the name "serialNumber" carries baggage
that is misleading if it were to be used as a unique identifier of
some sort.

Also, some of the same arguments in favor of serialNumber could be
applied to dnQualifier [widely implemented, works, short OID]. But
here the problem is that the intended useage is not followed [which
is also be the case (to a lesser degree) with serialNumber].

Conceptually, it seems the "right" thing to do is to add on OID for
uniqueIdentifier; however there is no shortage of operational problems 
that crop up with this course.

 SS> So if nobody strongly object to this I will go ahead and include
 SS> this in the QC profile and I assume that rfc 2459 will be updated
 SS> accordingly

I can't come up with a better plan.

-- 
\js

References:
- Re: dnQualifier topic - not solved yet.
  - From: Stefan Santesson

Prev by Date: Re: dnQualifier topic - not solved yet.
Next by Date: RE: proposed key usaged text -- the final round
Previous by thread: Re: dnQualifier topic - not solved yet.
Next by thread: Re: dnQualifier topic - not solved yet.
Index(es):
- Date
- Thread