Re: [IETF-PKIX] Multiple certificates for same key?

[Paul Koning <pkoning@xxxxxxxxx>]

>>>>> "David" == David P Kemp <dpkemp@missi.ncsc.mil> writes:

 David> Tony's characterization is eloquent enough that it cannot be
 David> improved upon, but merely restated.  By following the "wallet
 David> and paper signature" model and having a single public key
 David> which announces "This Is Me!", users would be voluntarily
 David> adopting the very thing they refuse to have imposed upon them
 David> externally: a national ID.

That it true if one were to adopt a restriction that any particular
user MUST have exactly one key.  But I don't believe that has been
proposed.

What was proposed instead is that it should be up to user discretion
as to how many keys there are for that user.  It might be one, it
might be as many as the number of certificates held by that user.  If
the choice is up to the user, my expectation is that the average
number will be higher than one but probably not a great deal higher.
Certainly you give a good reason why the average would be higher than
one.

        paul

--
!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! Xedia Corporation, 119 Russell Street, Littleton, MA 01460, USA
! phone: +1 978 952 6000 ext 115, fax: +1 978 952 6090
! email: pkoning@xedia.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "The only purpose for which power can be rightfully exercised over
!  any member of a civilized community, against his will, is to prevent
!  harm to others.  His own good, either physical or moral, is not
!  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859