RE: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute
"Manger, James H" <James.H.Manger@team.telstra.com> Wed, 21 July 2004 02:10 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA29323 for <pkix-archive@lists.ietf.org>; Tue, 20 Jul 2004 22:10:24 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i6L1GFn0012768; Tue, 20 Jul 2004 18:16:15 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i6L1GFFe012767; Tue, 20 Jul 2004 18:16:15 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from mailao.vtcif.telstra.com.au (mailao.vtcif.telstra.com.au [202.12.144.17]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i6L1GDow012761 for <ietf-pkix@imc.org>; Tue, 20 Jul 2004 18:16:14 -0700 (PDT) (envelope-from James.H.Manger@team.telstra.com)
Received: from mailai.vtcif.telstra.com.au (mailai.vtcif.telstra.com.au [202.12.142.17]) by mailao.vtcif.telstra.com.au (Postfix) with ESMTP id 22D9423413; Wed, 21 Jul 2004 11:16:19 +1000 (EST)
Received: from mail.cdn.telstra.com.au (localhost [127.0.0.1]) by mailai.vtcif.telstra.com.au (Postfix) with ESMTP id CFDEC1DA84; Wed, 21 Jul 2004 11:16:18 +1000 (EST)
Received: from WSMSG0004.srv.dir.telstra.com (wsmsg0004.srv.dir.telstra.com [192.74.168.133]) by mail.cdn.telstra.com.au (8.8.2/8.6.9) with ESMTP id LAA21174; Wed, 21 Jul 2004 11:16:18 +1000 (EST)
content-class: urn:content-classes:message
Subject: RE: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute
Date: Wed, 21 Jul 2004 11:15:50 +1000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-ID: <73388857A695D31197EF00508B08F29806EE1B4B@ntmsg0131.corpmail.telstra.com.au>
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Thread-Topic: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute
Thread-Index: AcRuYjSxFs9kg0o7Qoy/d/W+BCH4kAAWUT7g
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: Denis Pinkas <Denis.Pinkas@bull.net>, ietf-pkix@imc.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id i6L1GEow012762
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
That is wrong. A DN names an object by describing a path to it through a hierarchy of other objects. Each RDN consists of attributes of one of those *other* objects. Only the last RDN has attributes of the actual named object. A serialNumber attribute (like any other attribute) can appear multiple times -- once for each level of the hierarchy (i.e. once for each RDN). RDN = *Relative* Distinguished Name.

[Note. No attribute type can appear multiple times within a single RDN.]

In my sample DN:

  cn="John Doe" serialNumber=12345, o="Acme Ltd" serialNumber="DUNS 554433", c=US

there are 3 objects: a country, a company and a person. The person only has one serialNumber. The company is an object in its own right so it can have its own serialNumber.

So please reconsider my suggestion (1) that when identifierValue is absent the deepest serialNumber value is used.

[Theoretically, the PI draft could require the serialNumber be in the deepest RDN. This would ensure the serialNumber is an attribute of the named object, not of some parent object. However, I would not recommend that. It is not unusual for DNs (particularly in certificates) to only use 1 attribute per RDN, even if some of the attributes all relate to the same logical object.]

----------
From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
Sent: Wednesday, 21 July 2004 12:01 AM

Section 5.2.9 from X520 defines the serial Number attribute as follows:

"The serial Number attribute type specifies an identifier, the serial number of an object."

The serial Number attribute applies to the object, not to a RDN component. Thus, unless it is an error, there can't be multiple serial Number attributes in a DN.
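The structure James Manger describes above, worked through in code. This is an added example and is not code from the PKIX thread, from the PI draft, or from any participant. It encodes the message's sample DN as a DER X.501 Name (SEQUENCE OF RDN, each RDN a SET OF AttributeTypeAndValue, root object first), parses it back, enforces the bracketed note that an attribute type may appear at most once within a single RDN, and implements suggestion (1): when no explicit identifierValue is given, take the serialNumber from the deepest RDN that has one, because shallower RDNs describe parent objects (the company, the country), not the named object. The attribute OIDs are the standard X.520 ones (2.5.4.3 commonName, 2.5.4.5 serialNumber, 2.5.4.6 countryName, 2.5.4.10 organizationName); the function names, the use of UTF8String for non-country values and the sample bytes are assumptions of this example. It generalizes beyond the message's DN to any Name with one serialNumber per RDN at several levels.

```python
# Added example (not from the PKIX thread): minimal DER encoder/parser for the
# X.501 Name type, plus "deepest serialNumber" selection per suggestion (1).
#
#   Name ::= SEQUENCE OF RelativeDistinguishedName        (root object first)
#   RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
#   AttributeTypeAndValue ::= SEQUENCE { type OBJECT IDENTIFIER, value ANY }
from typing import Iterator, List, Optional, Tuple

OID_CN, OID_SERIAL, OID_C, OID_O = "2.5.4.3", "2.5.4.5", "2.5.4.6", "2.5.4.10"
UTF8_STRING, PRINTABLE_STRING = 0x0C, 0x13
STRING_CODECS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii", 0x1E: "utf-16-be"}

Rdn = List[Tuple[str, str]]  # [(attribute type OID, value), ...]

# Sample DN from the message, constructed here in ASN.1 order (root first).
# LDAP string order is the reverse: cn=...+serialNumber=12345, o=...+serialNumber=..., c=US
SAMPLE_RDNS: List[Rdn] = [
    [(OID_C, "US")],
    [(OID_O, "Acme Ltd"), (OID_SERIAL, "DUNS 554433")],
    [(OID_CN, "John Doe"), (OID_SERIAL, "12345")],
]


def _length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body


def _oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128, high bit set on all but the last octet
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(0x06, bytes(out))


def encode_name(rdns: List[Rdn]) -> bytes:
    rdn_ders = []
    for rdn in rdns:
        atvs = []
        for oid, value in rdn:
            tag = PRINTABLE_STRING if oid == OID_C else UTF8_STRING
            atvs.append(_tlv(0x30, _oid(oid) + _tlv(tag, value.encode("utf-8"))))
        # DER orders the elements of a SET OF by their encodings
        rdn_ders.append(_tlv(0x31, b"".join(sorted(atvs))))
    return _tlv(0x30, b"".join(rdn_ders))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def _children(body: bytes) -> Iterator[Tuple[int, bytes]]:
    pos = 0
    while pos < len(body):
        tag, inner, pos = _read_tlv(body, pos)
        yield tag, inner


def _decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_name(der: bytes) -> List[Rdn]:
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("Name must be a single SEQUENCE")
    rdns: List[Rdn] = []
    for set_tag, set_body in _children(body):
        if set_tag != 0x31:
            raise ValueError("RelativeDistinguishedName must be a SET")
        rdn: Rdn = []
        for atv_tag, atv_body in _children(set_body):
            parts = list(_children(atv_body))
            if atv_tag != 0x30 or len(parts) != 2 or parts[0][0] != 0x06 or parts[1][0] not in STRING_CODECS:
                raise ValueError("unsupported AttributeTypeAndValue encoding")
            oid = _decode_oid(parts[0][1])
            # X.501: an attribute type may appear at most once within one RDN
            if any(t == oid for t, _ in rdn):
                raise ValueError(f"attribute type {oid} repeated within one RDN")
            rdn.append((oid, parts[1][1].decode(STRING_CODECS[parts[1][0]])))
        rdns.append(rdn)
    return rdns


def serial_numbers_by_depth(rdns: List[Rdn]) -> List[Tuple[int, str]]:
    """Every serialNumber in the Name with the depth (0 = root) of its RDN."""
    return [(d, v) for d, rdn in enumerate(rdns) for t, v in rdn if t == OID_SERIAL]


def deepest_serial_number(rdns: List[Rdn]) -> Optional[str]:
    """Suggestion (1): the serialNumber of the named object is the one in the
    deepest RDN (last in ASN.1 order) that carries one; parents' are skipped."""
    for rdn in reversed(rdns):
        for oid, value in rdn:
            if oid == OID_SERIAL:
                return value
    return None


if __name__ == "__main__":
    der = encode_name(SAMPLE_RDNS)
    print(der.hex())
    print(serial_numbers_by_depth(parse_name(der)))  # company's and person's
    print(deepest_serial_number(parse_name(der)))    # the person's only
```

Note the ordering caveat when applying this to real certificates: "deepest" is the last RDN in the DER SEQUENCE, which is the first component of the RFC 4514 string form, so a tool that shows the subject as a string presents the named object's RDN first.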
- RE: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Manger, James H
- Re: draft-ietf-pkix-pi-10.txt - single serialNumb… Anders Rundgren
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Denis Pinkas
- RE: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Manger, James H
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Denis Pinkas
- RE: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Russ Housley
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Anders Rundgren
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Denis Pinkas
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Russ Housley
- RE: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Alberti Antoine
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Denis Pinkas
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… David P. Kemp
- RE: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Manger, James H
- RE: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Fisher, James L.
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… David P. Kemp
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Russ Housley
- Re: SCVP-15 Michael Myers
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Denis Pinkas
- Re: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Richard Levitte - VMS Whacker
- RE: PI: 10: draft-ietf-pkix-pi-10.txt - single se… Manger, James H
- Re: pkix-pi-10.txt - Usage Models Anders Rundgren