
Re: Globally unique subjectUID?



Bob,

From: Bob Jueneman <BJUENEMAN@novell.com>

> If the subjectUID were a constant, unique and unambiguous reference to the
> PERSON, there might be a lot of advantages. But this would require that
> the subjectUID not be unique per issuer, but globally unique.

Although a "globally unique ID" seems desirable, it was not what
I proposed.  I proposed that the spec encourage each CA to maintain
its own ID issuance with temporal uniqueness (i.e., the same ID never gets
assigned to more than one subject, and the same subject can retain the same
ID even if its name gets changed) for the lifetime of the CA.

IMO, a globally unique ID is not required, *IF* it is possible at all.  I use my
social security number and driver license number at my banks and insurance agents,
and I use my IBM employee ID for accessing my company's systems.  I used
my student ID at my university.  Sometimes the IDs match my SSN, but many
times they don't.

I think we can hope that a powerful ID formula can generate IDs that
can be used in *many* CAs - maybe for human subjects.  But I do not think
there will be any formula that fits *all* (humans, companies, schools,
governments, countries, machines, programs, ...) and *forever*.  Maybe it will be
possible if an Earth Empire rises someday. :-)   But that will also fail when
ETs come in real contact. :-)

I will be happy if I only need to be certified by a few CAs directly.  The same
IDs will be better, but different IDs will be fine too.  (I know many
people will not like to have the same IDs for privacy reasons.)

Shyh-Wei