
Re: [IETF-PKIX] Multiple certificates for same key?



Stephen,

At 12:07 PM 3/6/98 -0500, you wrote:
>Dan,
>
>>Let's get this straight -- the key is the identity,
>>your name is a handle.  If liberty means anything, you
>>can call yourself what you want hence identity-to-handle
>>mapping will be many to many.  The tradeoff is your
>>complexity eval of managing O(10**2) keys versus your
>>exposure eval of published cross correlation of the key
>>sharing amongst certs.
>
>Wrong mailing list.  What you said above is the SPKI notion, but it's not
>the PKIX notion, of the semantics of the subject name field in a
>certificate.
>
>Steve

I agree with your characterization of subject name SPKI vis-a-vis PKIX.

Dan makes a secondary point, in that the cost of carrying different keys
for every usage (identification or authorization, I suppose) be weighed
against the potential privacy concern of having one key (especially in
the case of an identity role) employed so widely that tracking usage on
the one key produces a virtual dossier on the owner.

Being primarily a theoretic type, I imagine infinite cpu, storage and
bandwidth are available now, or will be next Tuesday, so I tend to ignore
spacetime considerations at my peril.

P.S.  Hope to hear you speak in Reston at the FPKI thing.

___TONY___

Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL