RE: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute

"Manger, James H" <James.H.Manger@team.telstra.com> Mon, 19 July 2004 06:18 UTC

Subject: RE: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute
Date: Mon, 19 Jul 2004 15:07:53 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: ietf-pkix@imc.org

1.
The ability to flag a serialNumber attribute value in the subject name as a permanent identifier is a nice feature.  Requiring that there only be a single serialNumber attribute, however, is unnecessarily restrictive.  It seems quite sensible to use serialNumber attributes to hold company numbers, org unit ids and/or personal identifiers.  For example: cn="John Doe" serialNumber=12345, o="Acme Ltd" serialNumber="DUNS 554433", c=US.  The PI extension would refer to 12345.

[Section 2] Change the ASN.1 comment for the identifierValue field of PermanentIdentifier to:
" -- if absent, use the deepest serialNumber attribute value in the subject DN"

[Section 2] Change the paragraph that begins "When the identifierValue field is absent" to:
"When the identifierValue field is absent, then the deepest serialNumber attribute value from the subject DN is the value to be taken for the identifierValue.  An attribute is "deeper" if it occurs later in the sequence of RDNs that make up the DN.  A "deeper" attribute occurs earlier in the string representation of a DN [RFC2253], which starts encoding the last element of the RDN sequence that makes up a DN and moves backwards towards the first.  The PermanentIdentifier SHALL NOT be used if there is no serialNumber attribute in the subject DN."



2.
Why can't the assigner field be present but the identifierValue field be absent (refer to the serialNumber attribute)?  An absent identifierValue is simply "shorthand" to avoid duplicating a value -- it doesn't really have any semantic value so shouldn't have any impact on the assigner field (or vice versa).



3.
The security considerations section mentions an identifierType field that no longer exists.


> ----------
> From: 	Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org] 
> Sent:	Wednesday, 14 July 2004 6:05 AM
> 
> 	Title		: Internet X.509 Public Key Infrastructure Permanent Identifier
> 	Author(s)	: D. Pinkas, T. Gindin
> 	Filename	: draft-ietf-pkix-pi-10.txt
> 	Date		: 2004-7-13
> 	
> http://www.ietf.org/internet-drafts/draft-ietf-pkix-pi-10.txt
> 
> 	----------
> 	From: 	Denis Pinkas [mailto:Denis.Pinkas@bull.net] 
> 	Sent:	Thursday, 15 July 2004 6:06 PM
> 	Cc:	ietf-pkix@imc.org
> 
> 		... the definition of the PI has been changed to allow to use the serialNumber attribute from the subject DN.
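The "deepest serialNumber" rule proposed in point 1 above, worked through as an added example (this is not code from the draft, from the poster, or from any PKIX implementation). The subject DN is modelled as an RDNSequence in DER order (root-most RDN first), using the constructed sample DN from the message; the function and attribute names are this example's own. The RFC 2253 renderer is included only to show that the deepest attribute is the one that appears earliest in the string form, and it implements just the escaping rules of RFC 2253 section 2.4, not the full grammar.

```python
"""Resolve the identifierValue of a PermanentIdentifier whose identifierValue
field is absent, following the "deepest serialNumber attribute" rule
proposed in the message above.

A DN is modelled as an RDNSequence: a list of RDNs in DER order (first RDN is
the root-most, e.g. c=US), each RDN a list of (attributeType, value) pairs.
"""
from typing import List, Optional, Tuple

RDN = List[Tuple[str, str]]
RDNSequence = List[RDN]

SERIAL_NUMBER = "serialNumber"

# Constructed sample subject DN, taken from the example in the message:
#   cn="John Doe" serialNumber=12345, o="Acme Ltd" serialNumber="DUNS 554433", c=US
# stored in RDN-sequence (DER) order, root-most RDN first.
SAMPLE_SUBJECT: RDNSequence = [
    [("c", "US")],
    [("o", "Acme Ltd"), (SERIAL_NUMBER, "DUNS 554433")],
    [("cn", "John Doe"), (SERIAL_NUMBER, "12345")],
]


def deepest_serial_number(rdn_sequence: RDNSequence) -> Optional[str]:
    """Return the value of the serialNumber attribute that occurs latest in the
    RDN sequence, or None if the DN carries no serialNumber at all."""
    found = None
    for rdn in rdn_sequence:
        for attr_type, value in rdn:
            if attr_type.lower() == SERIAL_NUMBER.lower():
                # A later RDN overwrites an earlier hit, so the deepest one wins.
                found = value
    return found


def resolve_identifier_value(rdn_sequence: RDNSequence,
                             identifier_value: Optional[str] = None) -> str:
    """Return the effective identifierValue of a PermanentIdentifier.

    An explicit identifierValue is used as-is. When it is absent, the deepest
    serialNumber attribute of the subject DN is used instead; if there is none,
    the extension must not be used, so a ValueError is raised."""
    if identifier_value is not None:
        return identifier_value
    serial = deepest_serial_number(rdn_sequence)
    if serial is None:
        raise ValueError("PermanentIdentifier SHALL NOT be used: "
                         "subject DN has no serialNumber attribute")
    return serial


def _escape_rfc2253(value: str) -> str:
    # Escape the characters RFC 2253 section 2.4 requires escaping in a value.
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def to_rfc2253(rdn_sequence: RDNSequence) -> str:
    """Render the DN as an RFC 2253 string: the LAST RDN of the sequence comes
    FIRST, and attributes inside one multi-valued RDN are joined with '+'."""
    rdn_strings = []
    for rdn in reversed(rdn_sequence):
        rdn_strings.append("+".join(f"{t}={_escape_rfc2253(v)}" for t, v in rdn))
    return ",".join(rdn_strings)


def deepest_serial_number_is_first_in_string(rdn_sequence: RDNSequence) -> bool:
    """Check the claim in the message: the deepest serialNumber attribute is the
    one that appears earliest in the RFC 2253 string form of the DN."""
    deepest = deepest_serial_number(rdn_sequence)
    if deepest is None:
        return False
    text = to_rfc2253(rdn_sequence)
    positions = [text.find(f"{SERIAL_NUMBER}={_escape_rfc2253(v)}")
                 for rdn in rdn_sequence for t, v in rdn
                 if t.lower() == SERIAL_NUMBER.lower()]
    return min(positions) == text.find(f"{SERIAL_NUMBER}={_escape_rfc2253(deepest)}")


if __name__ == "__main__":
    print(to_rfc2253(SAMPLE_SUBJECT))
    print("PI identifierValue ->", resolve_identifier_value(SAMPLE_SUBJECT))
```

Running the block prints the sample DN as `cn=John Doe+serialNumber=12345,o=Acme Ltd+serialNumber=DUNS 554433,c=US` and resolves the identifierValue to `12345`, the serialNumber of the cn RDN, exactly as the message's example expects; the company-level `DUNS 554433` is left untouched. A DN with no serialNumber makes `resolve_identifier_value` refuse, matching the "SHALL NOT be used" clause.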