
Re: Subject naming



At 11:45 AM 6/11/97 -0700, Shyh-Wei Luan wrote:

>Nobody here is suggesting that names are obsolete!  We have names on our driver
>license and other IDs and we also see names of UNIX file owner/group, but yet
>there are underlying numerical IDs.

I believe this discussion has begun to go over the same ground. As someone
else pointed out a week or two ago, the problem with this type of approach is
that you need a trusted facility to perform the mapping.  This works ok if
the scope of the identifier is local (e.g. an OS), but gets harder as the
scope increases.  If the mapping is incorrect, either because of out of date
information or fraudulent manipulation, the authorization decision will be
incorrect *and it is unlikely to be noticed by people*.

Although a serial number encoded in the subject name:

CN=John Smith + SN=12345

is just as obscure, the human readable portion of the name does provide the
possibility that a human being can detect what is going on.

Hal
=================================================================
Harold W. Lockhart Jr.            PLATINUM technology, Inc.
Chief Technical Architect         8 New England Executive Park
Email: hal@platsol.com            Burlington, MA 01803 USA
Voice: (617)273-6406              Fax: (617)229-2969
=================================================================