Re: Permanent identifiers in QC
- To: ietf-pkix@xxxxxxx
- Subject: Re: Permanent identifiers in QC
- From: Bruno Salgueiro <bs@xxxxxxx>
- Date: Thu, 27 Apr 2000 19:26:01 +0100
- Organization: SIBS
- References: <> <>
Hi everyone.
As I'm involved in the development of a PKI this topic interests me.
I always thought that the main party responsible for the attribution of a certificate would be the Registration Authority. It is this entity which will verify an individual's identity, allocate a DN from its namespace defined by the CA (or after the approval of the CA) and then deliver the authorisation tokens to retrieve the certificate. If you want, the CA can also be the RA but it is the role separation I'm interested in.
But if you have n RAs for the same CA and if the CA doesn't know who is applying (it is trusting the RA to do so), how can we allocate a unique identifier for each person? And if you could, how would you then issue anonymous certificates? Remember that a certificate doesn't need to assure a name, might be a role, an account number, etc. So, sometimes the person itself doesn't really matter, only the proof of possession of a token.
Finally, I'm aware that attribute certificates are ideally used to assure a third party of an account number but as of today, if someone needs to do this, it will use regular certificates. And for account numbers, it might even be desirable not to associate them with a person when you're buying or presenting them as a ticket...
I would really like to read some comments about this. Nevertheless, and no flames please, what the heck is QC???!??
Regards,
Paul Koning wrote:
>
> >>>>> "Peter" == Peter Sylvester <Peter.Sylvester@EdelWeb.fr> writes:
>
> >> Would you explain how, when the name of that person changes ?
> >>
> >> > This type of control is something that typically will be performed only in
> >> > case of problems, i.e. on rare occasions where some efforts to investigate
> >> > change in names are a reasonable.
> >>
> >> It may be useful for day to day work.
>
> Peter> ...
> Peter> In most cultures, you don't change names *VERY* often.
>
> In a fair number of cultures, somewhat less than half the people
> change their name at least once during their lifetime.
>
> Also, in some countries (the USA for example), quite apart from that
> general rule, you're pretty much free to change your name if you
> wish. In fact, when immigrants are naturalized they are specifically
> told that this may be a good time to consider changing their name.
>
> paul
--
=======================================================
Bruno Salgueiro (mailto:bs@sibs.pt)
SIBS - Sociedade Interbancária de Serviços
Rua Soeiro Pereira Gomes, Lote 1, 1600 Lisboa, Portugal
Tel: + 351 21 791 88 33
Fax: + 351 21 794 24 40
http://www.sibs.pt
This message was signed with a MULTIcert certificate.
To obtain the certificate of the MULTIcert PILOT
Certification Authority, go to the site
http://www.sibs.multicert.com
"Computers are useless. They can only give you answers."
--Pablo Picasso
=======================================================