
Re: QC certificates MAY CERTAINLY be compared!



Stefan,

1. The QC statement in question does not mention *different* issuers.

2. The statement is still incorrect when applied to SEIS-cards from different
issuers as unique identity in those is "person-number" and nothing else.  Name is volatile.
I.e. SEIS-certs may very well be compared but you must restrict the comparison to
the attributes that form the STATIC and unique identity.  Regardless if the certs
are issued from the same or different issuers.

3.  No comments to the Container-ID stuff?

/Anders

-----Original Message-----
From: Stefan Santesson <stefan@accurata.se>
To: Anders Rundgren <anders.rundgren@jaybis.com>; 'SEIS-List' <list@seis.nc-forum.com>; ietf-pkix@imc.org <ietf-pkix@imc.org>
Cc: Magnus (RSA) <magnus@rsasecurity.com>
Date: Monday, October 25, 1999 22:56
Subject: Re: QC certificates MAY CERTAINLY be compared!


Anders,

This is a consequence of the profile, not an opinion of utilization.

If you have two certificates issued by different issuers, and you compare
these certificates and find differences in the subject names, then you may
not be able to tell if these certificates are issued to the same individual
or not. At least not on the basis of what is defined in the QC profile.

This does not mean that you can not do name comparison in a "controlled
environment" based on some other knowledge.

/Stefan

At 17:55 1999-10-25 +0100, Anders Rundgren wrote:
>Stefan,
>I have said it before and I say it again.  The following QC-statement is 
>highly doubtful:
>
>"Comparing two qualified certificates to determine if they represent
> the same physical entity may provide misleading results and should
> not be performed"
>
>As you know our famous (?) SEIS-card does indeed allow certificates to
>be compared for subject identity.   That is IMO the whole (and only) point 
>with *real* ID-cards!
>
>So this is a statement of the CPS.  Not of the draft.
>
>
>
>BTW, why no explicit support for "container ID" (card serial) as most QCs
>will be put in smart cards?  It was in SEIS already.
>
>
>Anders
>
>
>-----Original Message-----
>From: Stefan Santesson <stefan@accurata.se>
>To: ietf-pkix@imc.org <ietf-pkix@imc.org>
>Date: Monday, October 25, 1999 14:14
>Subject: New submitted draft for Qualified Certificates
>
>
>>All,
>>
>>A new draft for a Qualified Certificates Profile was submitted Friday 22.
>>
>>The new draft can be obtained from:
>>http://www.accurata.se/QC/documents/draft-ietf-pkix-qc-02.txt
>>
>>The QC website has been updated accordingly:
>>http://www.accurata.se/QC/
>>
>>See also under settled topics to obtain information about major
>>considerations since the last draft.
>>
>>/Stefan
>>-------------------------------------------------------------------
>>Stefan Santesson                <stefan@accurata.se>
>>Accurata AB                     http://www.accurata.se
>>Slagthuset                      Tel. +46-40 108588              
>>211 20  Malmö                   Fax. +46-40 150790              
>>Sweden                        Mobile +46-70 5247799
>>
>>PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
>>-------------------------------------------------------------------
>>
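
The comparison argued over in this thread, as an added Python example that is not from any of the posters or from the QC draft: subject identity is decided only on a static identifier, never on the name, and only when both issuers are known to use the same numbering scheme (the "controlled environment" case). It assumes the person-number is carried in the subject's serialNumber attribute; the issuer names, subject names and numbers below are constructed.

```python
from enum import Enum

class Match(Enum):
    SAME = "same"
    DIFFERENT = "different"
    UNDETERMINED = "undetermined"

STATIC_ID = "serialnumber"  # assumption: attribute carrying the person-number

def parse_dn(dn):
    """Split an RFC 4514-style DN into ordered (type, value) pairs. Handles
    backslash-escaped characters and multi-valued RDNs ('+'); hex escapes
    and quoted values are out of scope."""
    pairs, token, escaped = [], "", False
    for ch in dn + ",":          # trailing comma flushes the last attribute
        if escaped:
            token, escaped = token + ch, False
        elif ch == "\\":
            escaped = True
        elif ch in ",+":
            key, sep, value = token.partition("=")
            if sep:
                pairs.append((key.strip().lower(), value.strip()))
            token = ""
        else:
            token += ch
    return pairs

def canon(dn):
    """Case-insensitive form of an issuer DN for allow-list lookup."""
    return tuple((k, v.casefold()) for k, v in parse_dn(dn))

def norm_id(value):
    """Drop separators that vary between encodings of the same number."""
    return "".join(c for c in value if c.isalnum()).casefold()

def same_subject(cert_a, cert_b, issuers_sharing_scheme):
    """Each cert is (issuer_dn, subject_dn). The name is ignored; a missing or
    ambiguous identifier, or an issuer outside the list, gives UNDETERMINED."""
    known = {canon(i) for i in issuers_sharing_scheme}
    ids = []
    for issuer, subject in (cert_a, cert_b):
        values = [v for k, v in parse_dn(subject) if k == STATIC_ID]
        if canon(issuer) not in known or len(values) != 1 or not norm_id(values[0]):
            return Match.UNDETERMINED
        ids.append(norm_id(values[0]))
    return Match.SAME if ids[0] == ids[1] else Match.DIFFERENT

# Constructed sample data: same person-number, changed name, two issuers.
CA_A = "CN=Example ID CA A,O=Example Issuer A,C=SE"
CA_B = "CN=Example ID CA B,O=Example Issuer B,C=SE"
OLD = (CA_A, "CN=Anna Andersson,serialNumber=19000101-0000,C=SE")
NEW = (CA_B, "CN=Anna Berg+serialNumber=190001010000,C=SE")
```

A relying party that has no out-of-band knowledge of an issuer's numbering scheme gets `UNDETERMINED` rather than a guess based on the name.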