The serial number field provides a short form, unique identifier for each certificate generated by an issuer. An issuer must ensure that no two distinct certificates with the same issuer DN contain the same serial number. (This requirement must be met even when the certification function is effected on a distributed basis and/or when the same issuer DN is certified under two different PCAs. This is especially critical for residential CAs certified under different PCAs.) The serial number is used in CRLs to identify revoked certificates, as described in Section 3.4.3.4. Although this attribute is an integer, PEM UA processing of this attribute need not involve any arithmetic operations. All PEM UA implementations must be capable of processing serial numbers at least 128 bits in length, and size-independent support serial numbers is encouraged.