At Sun, 01 Jan 2017 08:26:34 -0800, Yaron Sheffer wrote:
>
> Reviewer: Yaron Sheffer
> Review result: Has Nits
>
> * 3.1.1: The serial number in RFC 6487 is still a real, unique serial
> number that uniquely identifies the certificate. Here it is used as
> something other than a serial number, which is explicitly NOT unique,
> and the CA is left to decide how to make it unique in the face of
> potentially repeating BGP IDs. If this is not a real issue (e.g.
> because duplicate IDs are rare and never within a RIR), please say
> so.

Er, I suspect you're confusing serial numbers with serial numbers.

3.1.1 of this draft is talking about the id-at-serialNumber attribute in the Subject field (RFC 5280 4.1.2.6, naming attribute type X520SerialNumber), a different thing entirely from the certificate Serial Number (RFC 5280 4.1.2.2, type CertificateSerialNumber). Just to make things more interesting, both are called serialNumber in different contexts. Clear as mud, I know.

So, agreed that this probably does need clarification, but perhaps not quite the clarification you thought it needed.

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
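
The distinction drawn in the reply above, as an added example that is not part of the original message or of the draft: stdlib-only Python that builds a constructed, truncated TBSCertificate and reads back both fields called serialNumber, the certificate serial (INTEGER, RFC 5280 4.1.2.2) and the id-at-serialNumber Subject attribute (OID 2.5.4.5, RFC 5280 4.1.2.6). All function names and sample values are assumptions made for illustration.

```python
# Added example: constructed DER, not a real RPKI router certificate.
OID_CN = bytes.fromhex("550403")             # 2.5.4.3 id-at-commonName
OID_SERIAL_ATTR = bytes.fromhex("550405")    # 2.5.4.5 id-at-serialNumber

def tlv(tag, body):
    """Encode one DER TLV (short-form length only; bodies here are < 128 bytes)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlvs(data):
    """Split a byte string into consecutive (tag, body) pairs."""
    out, i = [], 0
    while i < len(data):
        tag, length = data[i], data[i + 1]
        assert length < 128, "long-form lengths not needed for this sample"
        out.append((tag, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def name(attrs):
    """Name ::= SEQUENCE OF RDN, each RDN a SET holding one AttributeTypeAndValue."""
    rdns = b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x13, val.encode())))
        for oid, val in attrs)
    return tlv(0x30, rdns)

def build_sample_tbs(cert_serial, subject_attrs):
    """Constructed, truncated TBSCertificate: fields up to and including subject."""
    n = (cert_serial.bit_length() // 8) + 1
    version = tlv(0xA0, tlv(0x02, b"\x02"))                             # v3
    serial = tlv(0x02, cert_serial.to_bytes(n, "big"))                  # CertificateSerialNumber
    sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d040302")))   # ecdsa-with-SHA256
    issuer = name([(OID_CN, "Sample CA")])
    validity = tlv(0x30, tlv(0x17, b"170101000000Z") * 2)
    return tlv(0x30, version + serial + sig_alg + issuer + validity + name(subject_attrs))

def both_serials(tbs_der):
    """Return (CertificateSerialNumber, X520SerialNumber attribute or None)."""
    (_, body), = read_tlvs(tbs_der)
    fields = read_tlvs(body)
    if fields[0][0] == 0xA0:        # optional explicit [0] version
        fields = fields[1:]
    cert_serial = int.from_bytes(fields[0][1], "big", signed=True)
    # Remaining order: serial, signature algorithm, issuer, validity, subject.
    for _, rdn in read_tlvs(fields[4][1]):
        for _, atv in read_tlvs(rdn):
            (_, oid), (_, value) = read_tlvs(atv)
            if oid == OID_SERIAL_ATTR:
                return cert_serial, value.decode("ascii")
    return cert_serial, None
```

Two certificates built with the same Subject attribute value but different `cert_serial` arguments parse to the same second element and different first elements, which is the case the review comment and the reply are talking past each other about.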