Globally unique subjectUID?
>> From: Bob Jueneman <BJUENEMAN@novell.com>
>>
>> Unaccustomed as I am to lurking and reading a thread before jumping in
>> with a response, I finally seem to be back on the PKIX mailing list, and
>> would like to contribute my 2 cents.
>
>Welcome back, Bob!
>
>> However, just identifying the individual uniquely is not sufficient, and
>> unless I have suddenly had a metal lapse we will need a subjectUniqueID
>> in order to differentiate between the different certificates that a
>> single, unambiguously identified user may validly possess.
>
>
>An unambiguously identified user may indeed have multiple certificates, but
>what purpose does a subjectUID have in distinguishing between them? The
>serialNumber field is already unique per issuer. Assuming that the
>"multiple humans with the same DN" issue is solved by the
>multiple-attribute terminal RDN, what other problem is addressed by
>a subjectUID that could not be addressed by using the serialNumber?
>
The "metal" lapse was obviously a "mental" one. You're quite right, the
serialNumber field is unique per issuer, and is sufficient to differentiate
between different certificates.
But before we deprecate it, let's think just a little longer. There are some
strong arguments that could be made against a permanent national or
international ID number, especially from a privacy standpoint. But there are
also some strong arguments that can be made in favor of one, as is evidenced
by the almost universal use of the Social Security Number, at least within
the US.
Sharon's recent point regarding uniqueness of names was right on target -- I
have tended to use the term globally unambiguous instead of uniqueness
regarding names.
But it occurs to me that if we were to define it correctly, subjectUID might
be a very useful attribute if it referred to the underlying, corporeal
ENTITY which is being named.
Names change, and in particular organizationalPerson names are likely to
change often. residentialPerson names are likely to change, especially if
geopolitical structures such as city and street names are used to provide an
unambiguous reference. The multi-valued RDN can be used to eliminate the
ambiguity in one's common name, but the serial number has to be assigned by
the name registration authority, whether that is your company, your CA, or
maybe your ISP. But why should my name change just because I change jobs,
move, or change Internet provider?
And of course people sometimes change their common name as well.
In addition to marriage and adoption, demands of orthography and current
convention can cause people to change their name. For example, my
great-grandfather's name was Ju(umlaut)nemann, but the u-umlaut became the
conventional ue when he moved to the US. And my father was born Frederick R.
Juenemann, but in grade school during WWI the use of the Germanic double-n
was rather unpopular, and he just dropped it. (His father, mother, and
sister did not, however.) Later, in the Army in WWII, the full Frederick
became a bother, and he shortened it to just Fred. As a result, his will
lists three aliases, Frederick R. Juenemann, Frederick R. Jueneman, and Fred
R. Jueneman, just to make sure there is no mistake.
(I'm sure that Shyh-Wei Luan can relate to this problem, as can many other
people of Asian heritage. Even the names of cities change, viz. Peking to
Beijing, Stalingrad to Leningrad, not to mention whole countries.)
If the subjectUID were a constant, unique and unambiguous reference to the
PERSON, there might be a lot of advantages. But this would require that the
subjectUID not be unique per issuer, but globally unique.
It occurs to me that in addition to the hash of the birth certificate I
talked about, it might also be possible to use some biometric indicia, such as
the map of fingerprint minutia. Or better yet, something that does not have
the negative forensic connotations of a fingerprint, such as a
representation of one's retinal pattern. At least no one ever got convicted
because of a latent retinal print!
Let's not discard this idea just yet -- it might have a lot of applicability
for access control and other similar mechanisms that would span name
changes.
Bob