RE: Permanent identifiers in QC
Denis
Comment in-line;
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: Wednesday, April 26, 2000 10:27 AM
> To: Stefan Santesson
> Cc: Russ Housley; 'Stephen Kent'; 'ietf-pkix@imc.org'
> Subject: Re: Permanent identifiers in QC
>
>
>
> > Folks, I've been sort of off-line the last days.
>
> > So as catching up with this thread I think we need to decide the
> > progress of this issue.
>
> > I would just want to add an observation regarding NR and Authentication.
> > The issue is NOT whether permanent identifiers are of value for
> > Authentication or NR. What IS an issue is whether it is relevant for NR
> > to be able to compare 2 names in 2 different certificates and ensure
> > that these certificates identify the same person EVEN if some parts of
> > the DN are not matching.
>
> For non-repudiation, the permanent identifier may be used to link
> different transactions to the same individual, even when the subject
> name of the individual changes. So it is relevant.
>
For non-repudiation, it will be possible to determine that two different
DN:s refer to the same person without the use of "permanent identifiers".
This type of control is something that typically will be performed only in
case of problems, i.e. on rare occasions where some efforts to investigate
change in names are reasonable.
/Stefan