Re: Permanent identifiers in QC

[Denis Pinkas <Denis.Pinkas@xxxxxxxx>]

Stefan,

Comments in line;

> Denis
> 
> Comment in-line;
> 
> > -----Original Message-----
> > From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> > Sent: Wednesday, April 26, 2000 10:27 AM
> > To: Stefan Santesson
> > Cc: Russ Housley; 'Stephen Kent'; 'ietf-pkix@imc.org'
> > Subject: Re: Permanent identifiers in QC
> >
> >
> >
> > > Folks, I've been sort of off-line the last days.
> >
> > > So as caching up with this thread I think we need to decide
> > the progress of
> > > this issue.
> >
> > > I would just want to add an observation regarding NR and
> > Authentication.
> > > The issue is NOT whether permanent identifiers are of value for
> > > Authentication or NR. What IS an issue is whether it is
> > relevant for NR to
> > > be able to compare 2 names in 2 different certificates and
> > ensure that these
> > > certificates identifies the same person EVEN if some parts
> > of the DN is not
> > > matching.
> >
> > For non-repudiation, the permanent identifier may be used to link
> > different transactions to the same individual, even when the subject
> > name of the individual changes. So it is relevant.
> >
> 
> For non-repudiation, it will be possible to determine that two different
> DN:s refer to the same person without the use of "permanent identifiers".

Would you explain how, when the name of that person changes ?

> This type of control is something that typically will be performed only in
> case of problems, i.e. on rare occasions where some efforts to investigate
> change in names are a reasonable.

It may be useful for day to day work.

Denis

> /Stefan