Re: Globally unique subjectUID?
>>> Shyh-Wei Luan <luan@almaden.ibm.com> 06/06/97 01:34AM >>>
>Bob,
>
>> If the subjectUID were a constant, unique and unambiguous reference to the
>> PERSON, there might be a lot of advantages. But this would require that
>> the subjectUID not be unique per issuer, but globally unique.
>
>Although a "globally unique ID" seems desirable, it was not what
>I proposed. I proposed that the spec encourage each CA to maintain
>its own ID issuance with temporal uniqueness (i.e., the same ID never gets
>assigned to more than one subject, and the same subject can retain the same
>ID even if its name gets changed) for the lifetime of the CA.
Hal Lockhart recently asked what exactly defined a "subject", and I gave him
sort of a wise guy, "it depends" answer. So if you want to specify what I
think you are specifying, I would suggest a more semantic-oriented
definition of "subject." In other words, I believe that you are suggesting
that the flesh-and-blood human entity be the underlying construct, and that
changes of DNs and/or alternateSubjectNames would not matter.
However, without using either my concept of forming a message digest from
someone's birth certificate in a predefined way, or else using some form of
biometric indicator, I'm not sure that I understand how a CA would enforce
even the CA-unique requirement. Consider one of the most common cases -- a
woman gets married, changes her name and address, and gets a new driver's
license, perhaps in a different state. Now she reapplies to her CA for a new
certificate, but forgets to mention the old name. What does the CA do to
enforce the uniqueness requirement? Is this a user-driven, optional
function? If so, what does it accomplish?
If it is to be user-driven and optional (at least as far as the uniqueness
is concerned), then portability between CAs might be a consideration. If
one of the schemes that was suggested for deriving completely unique or
probabilistically unique IDs was used, then a user should be able to carry
that ID to another CA and use the same UID. Perhaps they would have to show
prior possession of use, in the form of a certificate issued by the other
CA, in order to prevent someone from claiming someone else's UID. The
liability implications for the CA in this case are not clear, however.
All this is metaphysical enough, but I really begin to get a headache when I
start to think how to apply these concepts to non-human entities. How would
it work for a server name? Would it apply in the case of a corporation name,
for example after a merger? How about a law partnership that adds one more
partner? Is that still the "same" entity? The semantic issues would be the
driving factors, here, I think.
>
>IMO, a globally unique ID is not required, *IF* it is possible at all. I use my
>social security number, driver license number at my banks, insurance agents,
>and I use my IBM employee ID for accessing my company's systems. I used
>my student ID at my university. Sometimes the IDs match my SSN, but many
>times they don't.
I'm not suggesting that a globally unique UID is necessary, only that it
might be nice for applications such as access control. In particular, the
Orange Book requirements for a B3 system require that it be possible to
EXCLUDE individuals or groups of individuals from access, and I don't know
how to implement that, particularly in the network context, if people can
freely change their names.
[snip]
Bob
Robert R. Jueneman
Security Architect
Novell, Inc.
Internet Infrastructure Division
122 East 1700 South
Provo, UT 84604
801/861-7387
bjueneman@novell.com
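The following is an added worked example, not code from this thread or from either correspondent. It models in Python the two identifier schemes discussed above (a CA-local registry with temporal uniqueness, and a probabilistically unique UID derived as a message digest over a canonicalised birth record) and then shows the access-control consequence Jueneman raises: an exclusion list keyed on the DN is evaded by a name change, while one keyed on a stable subjectUID is not. All class and function names, the record fields, and the sample subjects are constructed for illustration.

```python
"""
Added example (not from the PKIX thread above): a toy CA-scoped subjectUID
registry with temporal uniqueness, a digest-derived portable UID, and a
deny-list check keyed on DN versus UID.  All names and data are constructed.
"""
import hashlib
import secrets
import unicodedata


def canonical_birth_record(given: str, surname: str, dob: str, place: str) -> bytes:
    """Canonicalise the fields of a hypothetical birth record so the same person
    always hashes to the same bytes: NFKC normalisation, casefold, collapsed
    whitespace, fixed field order and a fixed separator.  This is the
    'predefined way' a digest scheme needs; change any rule and every UID changes."""
    fields = (given, surname, dob, place)
    parts = [" ".join(unicodedata.normalize("NFKC", f).casefold().split()) for f in fields]
    return "\x1f".join(parts).encode("utf-8")


def derive_probabilistic_uid(given: str, surname: str, dob: str, place: str) -> str:
    """Probabilistically unique, CA-independent UID: SHA-256 over the canonical
    record.  Any CA can recompute it, which gives portability; the cost is that
    the UID is a pure function of attributes an attacker may also learn."""
    return hashlib.sha256(canonical_birth_record(given, surname, dob, place)).hexdigest()


class CARegistry:
    """CA-local subjectUID issuance with temporal uniqueness: a UID is never
    reassigned (even after revocation) and a subject keeps it across DN changes."""

    def __init__(self):
        self._uid_to_dn = {}
        self._dn_to_uid = {}
        self._retired = set()

    def enroll(self, dn: str, uid=None) -> str:
        """Issue for a new subject.  A caller may supply a derived UID (digest
        scheme); otherwise a random 128-bit UID is minted by this CA."""
        if dn in self._dn_to_uid:
            return self._dn_to_uid[dn]
        uid = uid or secrets.token_hex(16)
        if uid in self._uid_to_dn or uid in self._retired:
            raise ValueError("UID already assigned or retired; refusing reuse")
        self._uid_to_dn[uid] = dn
        self._dn_to_uid[dn] = uid
        return uid

    def rename(self, old_dn: str, new_dn: str) -> str:
        """The subject's name changes; the UID does not."""
        uid = self._dn_to_uid.pop(old_dn)
        self._dn_to_uid[new_dn] = uid
        self._uid_to_dn[uid] = new_dn
        return uid

    def revoke(self, uid: str) -> None:
        dn = self._uid_to_dn.pop(uid)
        del self._dn_to_uid[dn]
        self._retired.add(uid)  # retired UIDs can never be handed out again

    def lookup(self, dn: str) -> str:
        return self._dn_to_uid[dn]


def is_excluded(cert: dict, deny_list: set, key: str) -> bool:
    """Exclusion-list check; `key` selects whether the list is keyed on 'dn' or 'uid'."""
    return cert[key] in deny_list


def demo() -> dict:
    """Constructed scenario: a subject is put on a deny list, then changes her DN."""
    ca = CARegistry()
    old_dn, new_dn = "CN=Jane Doe,O=Example", "CN=Jane Roe,O=Example"
    uid = ca.enroll(old_dn)
    deny_by_dn, deny_by_uid = {old_dn}, {uid}
    cert_before = {"dn": old_dn, "uid": uid}
    ca.rename(old_dn, new_dn)
    cert_after = {"dn": new_dn, "uid": ca.lookup(new_dn)}
    return {
        "dn_keyed_before": is_excluded(cert_before, deny_by_dn, "dn"),
        "dn_keyed_after": is_excluded(cert_after, deny_by_dn, "dn"),    # exclusion evaded
        "uid_keyed_after": is_excluded(cert_after, deny_by_uid, "uid"),  # exclusion holds
    }


if __name__ == "__main__":
    print(demo())
```

The registry only enforces uniqueness for subjects the CA can already link to an existing UID; the case in the message above, where a subject re-enrols under a new name without mentioning the old one, is exactly what `enroll` cannot detect, which is why the digest-derived UID is included as the alternative that does not depend on the subject volunteering the link.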