
Re: Subject naming



On Jun 12,  9:10am, Hal Lockhart wrote:

> >Nobody here is suggesting that names are obsolete!  We have names on our driver
> >license and other ID's and we also see names of UNIX file owner/group, but yet
> >there are underlying numerical ID's.
>
> I believe this discussion has begun to go over the same ground. As someone
> else pointed out a week or two ago, the problem with this type of approach is
> that you need a trusted facility to perform the mapping.

The mapping is provided in the certificates by CA's.  The updates in the
mapping (i.e., name changes) will be propagated to applications upon accesses
based on the names cited in new certificates when used.

There are at least two other potential means for applications to update name or
other (non-Subject-UID) attribute information in the ACLs.

(1) Applications may refresh the attribute information through a protocol with
CA's or directories for pulling up-to-date certificates to update annotations
to Subject UID's.

(2) Applications may provide an interface for on-line, user initiated updates
of attributes (except the Subject UID).  Note that these updates can be
automatically verified with the use of the new certificates.  No additional
name-update protocol between CA's and applications is needed.

> This works ok if
> the scope of the identifier is local (e.g. an OS), but gets harder as the
> scope increases.  If the mapping is incorrect, either because of out of date
> information or fraudulent manipulation, the authorization decision will be
> incorrect *and it is unlikely to be noticed by people*.
>
> Although a serial number encoded in the subject name:
>
> CN=John Smith + SN=12345
>
> is just as obscure, the human readable portion of the name does provide the
> possibility that a human being can detect what is going on.

I don't understand what you mean here.  Do you mean that a SUID field is less
human-readable than the SN attribute?

For applications that are really concerned with name changes, they can always
include Subject Names in ACL's to deny certificates with new names, until ACL's
get updated.  But there are many businesses which do not care what your
name is, where you live/work, etc. They only care that you are the same person
whom they have been dealing with.  Applications can also choose to grant
accesses to certificates with name changes but at the same time send out
confirmation notices to the certifying CA's and the certified subject.  This is
similar to address-change requests in today's business practices.

Using Subject UID's alone as the basis of access control offers these
flexibilities upon name changes.

There is also another perspective that would argue for the use of Subject UID
field - the decoupling of certification from naming.  I'll elaborate if
interested ...

Shyh-Wei
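
The ACL behaviour discussed in this message, as an added example that is not part of the original e-mail: entries are keyed on the Subject UID, the name is only an annotation refreshed from new certificates, and an entry can pin the name to deny renamed certificates until the ACL is updated. The `Cert` class stands in for an already-validated certificate; scoping the UID by issuer, the class and field names, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    """Stand-in for a certificate whose signature and validity were already checked."""
    issuer: str
    subject_uid: str
    subject_name: str

@dataclass
class AclEntry:
    name: str                # annotation only: last name seen for this Subject UID
    pin_name: bool = False   # True: deny certificates with a new name until the ACL is updated

@dataclass
class Acl:
    entries: dict = field(default_factory=dict)  # (issuer, subject_uid) -> AclEntry
    notices: list = field(default_factory=list)  # confirmations owed to the CA and the subject

    def check(self, cert: Cert) -> str:
        # Assumption: a UID is treated as unique only within the CA that issued it.
        entry = self.entries.get((cert.issuer, cert.subject_uid))
        if entry is None:
            return "deny: unknown subject UID"
        if cert.subject_name == entry.name:
            return "allow"
        if entry.pin_name:
            return "deny: name changed"
        # Name change on an unpinned entry: grant, queue a notice, refresh the annotation.
        self.notices.append((cert.issuer, cert.subject_uid, entry.name, cert.subject_name))
        entry.name = cert.subject_name
        return "allow: name updated"

def demo():
    # Constructed sample data, not taken from any real CA.
    acl = Acl({("CA-1", "12345"): AclEntry("CN=John Smith"),
               ("CA-1", "67890"): AclEntry("CN=Ann Lee", pin_name=True)})
    certs = [Cert("CA-1", "12345", "CN=John Smith"),
             Cert("CA-1", "12345", "CN=John Q. Smith"),   # renamed, same UID
             Cert("CA-1", "67890", "CN=Ann Jones"),       # renamed, name pinned
             Cert("CA-2", "12345", "CN=John Smith")]      # same UID, different CA
    return [acl.check(c) for c in certs], acl

if __name__ == "__main__":
    results, acl = demo()
    print(results, acl.notices)
```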