Re: Globally unique subjectUID?
On Jun 6, 2:27pm, Bob Jueneman wrote:
> Hal Lockhart recently asked what exactly defined a "subject", and I gave him
> sort of a wise guy, "it depends" answer. So if you want to specify what I
> think you are specifying, I would suggest a more semantic-oriented
> definition of "subject." In other words, I believe that you are suggesting
> that the flesh-and-blood human entity be the underlying construct, and that
> changes of DNs and/or alternateSubjectNames would not matter.
What I suggest is that "a Subject Unique Identifier should be a unique
identifier of a subject, within the context of the issuing CA". Isn't that
simple and straightforward? :-) It should not change as long as the *subject*
remains in existence in the context of the CA. I don't think a subject must be
a human.
> However, without using either my concept of forming a message digest from
> someone's birth certificate in a predefined way, or else using some form of
> biometric indicator, I'm not sure that I understand how a CA would enforce
> even the CA-unique requirement.
It could be as simple as a timestamp or a serial number.
> Consider one of the most common cases -- a
> woman gets married, changes her name and address, and gets a new driver's
> license, perhaps in a different state. Now she reapplies to her CA for a new
> certificate, but forgets to mention the old name. What does the CA do to
> enforce the uniqueness requirement?
The CA might use a different SUID if the woman left the context (the state)
and came back without requesting the revalidation of her old SUID. For
marriage, name and address changes, the SUID will remain valid.
> Is this a user-driven, optional
> function? If so, what does it accomplish?
I think it should be CA-policy driven. CAs that provide/enforce temporal
uniqueness of SUIDs may announce so and may be classified as CAs that are more
suitable for long-lived applications. The use of temporally unique SUIDs on
ACLs would prevent another Shyh-Wei Luan with a California DMV certificate
100 years later from accessing my cyberspace accesses/assets. Using the SUID
alone on ACLs will also make it unnecessary for me to contact the San Jose
Mercury News and Time to change my name in their identity database or ACLs
when I get an English name and start using it with the California DMV.
> If it is to be user-driven and optional (at least as far as the uniqueness
> is concerned), then portability between CAs might be a consideration. If
> one of the schemes that was suggested for deriving completely unique or
> probabilistically unique IDs was used, then a user should be able to carry
> that ID to another CA and use the same UID.
This is NOT what I proposed. It is each CA itself who will choose the SUID
algorithm that fits its own specific context.
> All this is metaphysical enough, but I really begin to get a headache when I
> start to think how to apply these concepts to non-human entities. How would
> it work for a server name?
Yes, it is perfectly possible that a server can get a SUID in the context
of an ISP's CA, for example.
> Would it apply in the case of a corporation name,
> for example after a merger?
If the merger affects the context of the CAs, then some changes are necessary.
For example, if IBM wants to disband Lotus Corp's CA, then all Lotus employees
will be included in the IBM CA's context. Of course, IBM can choose to maintain
the use of the Lotus CA.
> How about a law partnership that adds one more
> partner? Is that still the "same" entity? The semantic issues would be the
> driving factors, here, I think.
I don't think a fixed semantics can be provided for everyone here. Each CA
will decide what to do in accordance with future rules/laws, I believe.
> I'm not suggesting that a globally unique UID is necessary, only that it
> might be nice for applications such as access control. In particular, the
> Orange Book requirements for a B3 system require that it be possible to
> EXCLUDE individuals or groups of individuals from access, and I don't know
> how to implement that, particularly in the network context, if people can
> freely change their names.
A globally unique Subject UID will not prevent fraud by itself either. I
don't think getting a new Subject UID would be easier than getting a new
globally unique identifier. What's needed here is some law enforcement against
fooling CAs in order to get new SUIDs. One can change his/her name but not
his/her identity!
Shyh-Wei
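The following is an added example, not code from this thread or from any CA implementation, modelling the two points made in the reply above: that a CA can assign the SUID from something as simple as a never-reused counter within its own context, and that an ACL keyed on (issuer, SUID) instead of the subject name keeps working after a name change while refusing a later, different subject who happens to reuse the same name, or the same SUID value issued under a different CA. The certificate is a constructed in-memory model rather than real X.509 encoding; the CA names, subject records and the "same validated record means same subject" policy are all assumptions made for the illustration.

```python
"""Access control keyed on (issuer, subjectUniqueID) versus on subject name.

Added example: a toy model, not real X.509 handling. The CA identifiers,
subject records and enrollment policy below are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from itertools import count


@dataclass(frozen=True)
class Certificate:
    issuer: str        # the CA context in which the SUID is unique
    subject_dn: str    # may change across re-issuance (marriage, new name)
    suid: int          # subjectUniqueID, stable for the same subject in this CA
    serial: int        # per-certificate serial, distinct for every certificate


class CA:
    """A CA that assigns SUIDs from a monotonic, never-reused counter.

    This is the 'serial number' option from the reply; a timestamp would do
    equally well as long as the CA never hands the same value to two subjects.
    """

    def __init__(self, name: str) -> None:
        self.name = name
        self._next_suid = count(1)
        self._next_serial = count(1)
        # validated subject record -> SUID, so a returning subject keeps its SUID
        self._subjects: dict[str, int] = {}

    def enroll(self, subject_record: str, subject_dn: str) -> Certificate:
        """subject_record stands for whatever the CA's policy uses to recognise
        a returning subject (assumed here to be an opaque validated record key).
        A new record always receives a fresh SUID; an old SUID is never reused."""
        if subject_record not in self._subjects:
            self._subjects[subject_record] = next(self._next_suid)
        suid = self._subjects[subject_record]
        return Certificate(self.name, subject_dn, suid, next(self._next_serial))


@dataclass
class ACL:
    """Two styles of ACL entry: by subject name, or by (issuer, SUID)."""
    by_dn: set[str] = field(default_factory=set)
    by_suid: set[tuple[str, int]] = field(default_factory=set)

    def allows_by_dn(self, cert: Certificate) -> bool:
        return cert.subject_dn in self.by_dn

    def allows_by_suid(self, cert: Certificate) -> bool:
        # The SUID only has meaning together with its issuer: the same integer
        # issued by another CA is a different subject.
        return (cert.issuer, cert.suid) in self.by_suid


def scenario() -> dict[str, bool]:
    """Run the name-change and namesake cases from the thread and report which
    ACL style grants access in each."""
    dmv = CA("DMV-CA")      # assumed CA name
    isp = CA("ISP-CA")      # assumed second CA context

    first = dmv.enroll("record-0001", "CN=Alice Smith")   # constructed subject
    acl = ACL(by_dn={first.subject_dn}, by_suid={(first.issuer, first.suid)})

    # Same subject re-enrolls under a new name: new DN, new serial, same SUID.
    renamed = dmv.enroll("record-0001", "CN=Alice Jones")
    # A different subject later enrolls with the old name: new SUID.
    namesake = dmv.enroll("record-0002", "CN=Alice Smith")
    # A server in another CA's context gets SUID 1 there, but a different issuer.
    server = isp.enroll("host-0001", "CN=www.example.test")

    return {
        "renamed_dn_acl": acl.allows_by_dn(renamed),        # False: name-keyed entry breaks
        "renamed_suid_acl": acl.allows_by_suid(renamed),    # True: SUID follows the subject
        "namesake_dn_acl": acl.allows_by_dn(namesake),      # True: name collision grants
        "namesake_suid_acl": acl.allows_by_suid(namesake),  # False: different SUID
        "other_ca_suid_acl": acl.allows_by_suid(server),    # False: same SUID value, other issuer
        "suid_stable_and_unique": (renamed.suid == first.suid
                                   and namesake.suid != first.suid
                                   and renamed.serial != first.serial),
    }


if __name__ == "__main__":
    for case, granted in scenario().items():
        print(f"{case:26s} -> {'granted' if granted else 'denied'}")
```

The point the model makes is the one the reply makes: the SUID is only unique, and only meaningful, together with the issuer, so an ACL that stores `(issuer, SUID)` is portable across the subject's name changes but not across CAs, and a later subject with the same name gets a different entry. Whether a returning applicant is recognised as the same subject is left to the CA's policy, exactly as the reply says it should be.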