Re: Why don't using Permanent Identifier on QC certificates?

["Khaja E. Ahmed" <khaja.ahmed@xxxxxxxx>]

I agree with Bob that an SSN in the US is fairly dependable (for some value
of fairly) as a unique identifier among US nationals.  There probably isn't
much lost by the fact that some us nationals, like Bob's Tennessee hosts,
will not be covered by this.  I sense a distinct lack of interest in
eCommerce there.

Note however that SSNs aren't just for US nationals. Visitors and foreign
nationals on student visa or H1 (temporary work) visa are also given an SSN
in the US.  So while an SSN can be used as unique identifiers for US
nationals there is no assurance of US nationality itself.  Unless there is a
number range reserved for US nationals, alien students and workers etc.

Khaja

----- Original Message -----
From: "Robert Moskowitz" <rgm-sec@htt-consult.com>
To: "Dennis Glatting" <dennis.glatting@software-munitions.com>;
<juancarlos.perez@acepta.com>
Cc: "Ietf-Pkix" <ietf-pkix@imc.org>
Sent: Wednesday, December 20, 2000 6:32 AM
Subject: Re: Why don't using Permanent Identifier on QC certificates?


> At 05:49 AM 12/20/2000 -0800, Dennis Glatting wrote:
>
> SSNs are a poor identity in the US.  Agreed.  The whole QC profile would
> have to be modified for use here.  The basic idea is sound but does not
fit
> into our structure.  Other countries will probably now submit THEIR
> profiles to the IETF for inclusion as a standard.
>
> For my part, I MUCH prefer the PI method to QC method (a separate
attribute
> outside of the DN).  For example, the State of Michigan could get an OID
> under the US (probably has one and does not know it), then assign one to
> the Department of Motor Vehicles.  My license # now becomes a PI.  I can
> now use a MI DMV cert to assert myself for a business cert with my bank.
>
> If you are not interested in a discussion on US SSNs, you might skip the
> rest of this message.
>
> >In the US each person is suppose to have a Social Security Number
> >(SSN) however this number may not be unique as there have been cases
> >when the USG has handed out duplicates.
>
> Many people over age 60 and some over 50 have duplicate #s.  This happened
> in the 50s when wallets were sold in the US with 'sample' SSN
> cards.  People buying those wallets thought those were their number.  Most
> of these are probably out of the system by now, thanks in large measure to
> Mediare and Medicaid.
>
> >It is integrated into our birthing system that a person is assigned an
SSN
> >at birth however
> >births outside the system (e.g., home births) this isn't the case and
> >a SSN may not be obtained for years.
>
> Only recently, since the IRS required SSNs for all dependents on the
> 1040.  I remember the year that I got my 3 oldest kids their #s to comply
> with the new 1040 regs.
>
> >I believe in the Federal Witness Protection Program one can get a new
SSN.
> >Finally, I don't know if it is true,
>
> It is.  There are other ways to get new SSNs too.
>
> >I am told one does not have to have a SSN however the US
> >system is structured that you do (read: life is a hassle).
>
> If you never file taxes and pay cash for medical care and avoid banks, you
> can do quite nicely without one.  Met some people in the hills of
Tennessee
> some years ago.  Their family has avoided all of this since 1792....
>
> Boy, did they make a good drink.
>
> And no, I did not EVEN ASK to see the still.  That is why I am here to
talk
> about it.
>
>
> Robert Moskowitz
> ICSA
> Security Interest EMail: rgm-sec@htt-consult.com
>