There is no final position yet, but it seems that we are going towards
the following structure:
CertUID ::= SEQUENCE {
issuerDN Name,
issuerAltName IssuerAltName OPTIONAL, -- As defined in PKIX
serial CertificateSerialNumber,
certificateHash CertHash
}
This allows the support of alternate names and the certificate hash
allows to make the difference between certificates that would be issued
by CAs having the same name.
In any case, I would recommend that the pkix group and the smime group
adopt the same structure.
Denis
--
Denis Pinkas Bull S.A.
mailto:Denis(_dot_)Pinkas(_at_)bull(_dot_)net
Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87
78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21