Martin Rex | 2 Aug 2012 02:10

URN namespace for certs (pkix ietf84 presentation)

A few comments on the presentation about the URN Namespace for Certificates
from the IETF 84 PKIX WG session.

There are existing standards for identifying certificates in textual form,
and that is XMLdsig and standards derived from it (WS-Security from OASIS).

From the top of my head, the following references are defined:

  (a)  Subject Name (of the certificate)
  (b)  Issuer & Serial
  (c)  SubjectKeyIdentifier
  (d)  the cert itself (base64-encoded)

I see a problem with the proposal of using a certificate hash in case
there are situations where the certificate itself is _not_ conveyed along
with the message.

There are usage scenarios where instead of using a PKI, the consumer
may decide to configure direct trust to the peer certificate.
In order to do that, the consumer might have to import the certificate
as "trust anchor", and potentially it is persisted in one of the
formats defined for trust anchors in rfc5914.

From the three trust anchor formats defined in rfc5914, one is only the
ToBeSigned part of a certificate, so a certificate hash is useless to
find/identify that trust anchor, and for the trust anchor format
"TrustAnchorInfo", storing the certificate is purely optional,
so again, matching of a certificate hash may simply be impossible.

With respect to existing standards for referencing certificate
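Added example, not part of Martin's post: a small Python DER walker that accepts either a full Certificate or a bare TBSCertificate (the form an RFC 5914 trust anchor may store) and reports which of the references (a)-(d) can still be matched against it. The `references`/`read_tlv` helpers are mine, and the certificate bytes it builds are a constructed, cert-shaped placeholder with dummy key and signature bits, not a real certificate.

```python
import hashlib

def der(tag, content):  # minimal DER TLV encoder, used only to build the constructed sample below
    n = len(content)
    lb = b'' if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, 'big')
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + content

def read_tlv(buf, pos=0):  # decode one DER TLV at pos -> (tag, content, end offset)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:  # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], 'big'), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def children(content):  # split a constructed value's content into (tag, content, raw TLV) triples
    out, pos = [], 0
    while pos < len(content):
        tag, val, end = read_tlv(content, pos)
        out.append((tag, val, content[pos:end]))
        pos = end
    return out

def references(obj):
    """Reference forms (a)-(d) matchable against a full Certificate or a bare RFC 5914 TBSCertificate."""
    items = children(read_tlv(obj)[1])
    is_cert = len(items) == 3 and items[2][0] == 0x03  # Certificate ends in a BIT STRING signatureValue
    tbs = children(items[0][1]) if is_cert else items  # either way, work on the TBSCertificate fields
    i, ski = (1 if tbs[0][0] == 0xA0 else 0), None     # skip the explicit [0] version when present
    if len(tbs) > i + 6 and tbs[i + 6][0] == 0xA3:     # [3] extensions
        for _, ext, _ in children(children(tbs[i + 6][1])[0][1]):
            fields = children(ext)
            if fields[0][1] == b'\x55\x1d\x0e':        # id-ce-subjectKeyIdentifier (2.5.29.14)
                ski = read_tlv(fields[-1][1])[1].hex() # extnValue OCTET STRING wraps the KeyIdentifier
    return {'subject': tbs[i + 4][2].hex(),            # (a) subject Name: available from TBS alone
            'issuer_serial': (tbs[i + 2][2].hex(), int.from_bytes(tbs[i][1], 'big', signed=True)),  # (b)
            'ski': ski,                                # (c) also inside TBS
            'cert_sha256': hashlib.sha256(obj).hexdigest() if is_cert else None}  # hash over (d): needs the signed cert

# Constructed sample (not a real certificate): a cert-shaped DER object with placeholder key and signature.
def name(cn): return der(0x30, der(0x31, der(0x30, der(0x06, b'\x55\x04\x03') + der(0x0c, cn.encode()))))
def alg(oid): return der(0x30, der(0x06, oid) + der(0x05, b''))
SHA256_RSA, RSA = b'\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b', b'\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01'
TBS = der(0x30, der(0xa0, der(0x02, b'\x02')) + der(0x02, b'\x10\x01') + alg(SHA256_RSA)  # v3, serial 4097
      + name('Example Root') + der(0x30, der(0x17, b'120801000000Z') + der(0x17, b'220801000000Z'))
      + name('Example Root') + der(0x30, alg(RSA) + der(0x03, b'\x00' * 33))  # self-issued; placeholder SPKI
      + der(0xa3, der(0x30, der(0x30, der(0x06, b'\x55\x1d\x0e') + der(0x04, der(0x04, bytes.fromhex('01020304')))))))
CERT = der(0x30, TBS + alg(SHA256_RSA) + der(0x03, b'\x00' + b'\xaa' * 32))  # placeholder signature bits

if __name__ == '__main__':
    for label, obj in (('Certificate', CERT), ('TBSCertificate only (RFC 5914 anchor)', TBS)):
        print(label, references(obj))
```

Run against the full certificate all four forms resolve; run against the bare TBSCertificate the subject, issuer+serial and SKI still match but the certificate hash cannot be recomputed, which is the mismatch the post describes.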