RE: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute

"Manger, James H" <James.H.Manger@team.telstra.com> Tue, 27 July 2004 01:06 UTC

Subject: RE: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute
Date: Tue, 27 Jul 2004 09:58:45 +1000
Message-ID: <73388857A695D31197EF00508B08F29806EE1B57@ntmsg0131.corpmail.telstra.com.au>
Thread-Topic: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: ietf-pkix@imc.org
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>

Denis,
"deepest serialNumber value" meant the deepest serialNumber value, regardless of whether the RDN it was in was the deepest RDN, the 2nd deepest RDN etc.  We now both agree on the logic, so if you think my words are confusing I can live with your words.



Richard,
Including the PI extension with an absent identifierValue when the subject DN is cn="John Doe", o="Acme Ltd", serialNumber="DUNS554433", c=US would not be sane, as you note.  However, it would not be the fault of the PI extension or the DN.  It would simply be a straight-out lie by the CA.  The syntax does not (and cannot) prevent lies.


----------
From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
Sent: Monday, 26 July 2004 7:28 PM

> I still suggest using my original text changes.

Your original text was: "when identifierValue is absent the
deepest serialNumber value is used". I would guess that you mean:
"when identifierValue is absent, the value contained in the
serialNumber of the deepest RDN SHALL be used."

I would propose instead to re-use my text, modified by David,
with an additional modification for the item 2. This leads to:

1 - if there are one or more RDNs containing a serialNumber
     attribute (alone or accompanied by other attributes), then
     the value contained in the serialNumber of the deepest
     such RDN SHALL be used as the identifierValue.

2 - otherwise, the Permanent Identifier definition is invalid
     and the Permanent Identifier SHALL not be used.
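The derivation rule in items 1 and 2 above, worked as an added Python example that is not part of this thread or of the draft: an RFC 2253-style DN string (leaf RDN first, `+` joining attributes of one RDN, backslash escapes) is parsed into ASN.1 RDNSequence order so that the deepest RDN is the last element, and the serialNumber of the deepest RDN containing one is taken as identifierValue, with None standing for "Permanent Identifier invalid". The parser, the type-name matching and the DN strings are assumptions of this example.

```python
# Added example, not from the PKIX thread. Assumptions: RFC 2253-style DN
# strings (leaf first, ',' between RDNs, '+' within an RDN, backslash
# escapes); serialNumber is matched by name or by its X.520 OID 2.5.4.5.
SERIAL_NUMBER_TYPES = {"serialnumber", "2.5.4.5"}

def _split_unescaped(text, sep):
    """Split on sep, leaving any backslash-escaped sep inside the value."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn_string):
    """Return the DN as an RDNSequence (root first, deepest RDN last);
    each RDN is a list of (type, value) pairs with the type lower-cased."""
    rdns = []
    for rdn_text in _split_unescaped(dn_string, ","):
        avas = []
        for ava in _split_unescaped(rdn_text, "+"):
            attr_type, _, value = ava.partition("=")
            avas.append((attr_type.strip().lower(), value.strip()))
        rdns.append(avas)
    rdns.reverse()  # string form lists the leaf first; ASN.1 order is root first
    return rdns

def derive_identifier_value(subject_dn, identifier_value=None):
    """Item 1: the deepest RDN holding a serialNumber (alone or with other
    attributes) supplies the value.  Item 2: no such RDN -> the Permanent
    Identifier is invalid (None).  An explicit identifierValue is used as-is."""
    if identifier_value is not None:
        return identifier_value
    for rdn in reversed(subject_dn):  # walk from the deepest RDN upward
        for attr_type, value in rdn:
            if attr_type in SERIAL_NUMBER_TYPES:
                return value
    return None
```

The multi-valued RDN case (serialNumber sharing an RDN with cn) is where "deepest serialNumber" and "serialNumber of the deepest such RDN" coincide, which is the agreement reached above.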