[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NEW Data type for certificate selection ?

To: egerck@xxxxxxxxxxxxxxxxxxx
Subject: Re: NEW Data type for certificate selection ?
From: Paul Koning <pkoning@xxxxxxxxx>
Date: Thu, 1 Oct 1998 09:11:37 -0400
Cc: ietf-pkix@xxxxxxx
References: <><>
Sender: owner-ietf-pkix@xxxxxxx

>>>>> "Ed" == Ed Gerck <egerck@laser.cps.softex.br> writes:

 Ed> On Thu, 1 Oct 1998, Stefan Santesson wrote:
 >>...
 >> You and I can argue for centuries if certificates handled in
 >> browsers should, or should not, be allowed to contain SSN.

 Ed> No, I don't argue. As I wrote two msgs ago, some think they have
 Ed> valid reasons for it and I do not disagree with the need to
 Ed> preserve freedom.

Unfortunately, the world (or at least the country) is infested with
organizations that think they have a valid reason to ask for a SSN
when in fact they have neither a valid reason nor any legal authority
to do so.  Some, if you pound on the table enough, will yield.  (For
example, my medical insurance started by asking for it, but when
pushed conceded that they could make up a number instead.  Surprised
me; most outfits of that type don't have enough sense to see that.)

So I would say that anything protocol mechanism that encourages this
sort of abuse is evil and must be resisted.

	paul

Follow-Ups:
- Re: NEW Data type for certificate selection ?
  - From: Ed Gerck

References:
- Re: NEW Data type for certificate selection ?
  - From: Stefan Santesson
- Re: NEW Data type for certificate selection ?
  - From: Ed Gerck

Prev by Date: Re: NEW Data type for certificate selection ?
Next by Date: I-D ACTION:draft-ietf-pkix-roadmap-00.txt
Previous by thread: Re: NEW Data type for certificate selection ?
Next by thread: Re: NEW Data type for certificate selection ?
Index(es):
- Date
- Thread