
Re: Evaluation: draft-ietf-pkix-pi - Internet X.509 Public Key Infrastructure Permanent Identifier to Proposed Standard



I think Russ points out the essential point of this naming syntax.

There are identifiers that are strictly maintained that are not maintained by CAs; in Norway, there are person numbers and company numbers, just to mention two instances; in many cases, use of these identifiers for particular applications is mandated by law.

If a CA is to contain one of these in a useful fashion, they have to be algorithmically identifiable as exactly that sort of identifier.

And I think this proposal captures that capability.

--On 22. april 2003 11:41 -0400 Russ Housley <housley@vigilsec.com> wrote:

The original driver for the development of this standard was European,
where national identity cards are common practice.  In fact, many
countries are issuing smart cards that contain X.509 certificates (as
well as the associated private key).  The inclusion of these national
identifiers is important to this community.

In this situation, the authority is a particular country.  I have little
concern that a national infrastructure will assign the same identifier to
more than one person inappropriately.

Another place where a Permanent Identifier can be used is in a company.
Consider the employee number.  Again, I have no concern that a company
will assign the same identifier to more than one person.  It would make a
huge mess in the human resource database.