[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Aliases (Re-sent)

To: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Subject: Re: Aliases (Re-sent)
From: Joe Tardo <tardo@raptor.com>
Date: Thu, 29 Feb 1996 14:17:27 +0100
Cc: spki@c2.org
Sender: owner-spki@c2.org

At 04:47 PM 2/29/96 -0500, Bill Sommerfeld wrote:

>cme@cybercash.com and cme@acm.org may be used by the same person, but
>they are two potentially different roles for Carl (employee-of-CyberCash
>vs. member-of-ACM), so they probably should not share keys and should
>not be aliased.

I have two problems with this:

1.  An apparent requirement for a distinct identity for distinct roles, and
vice-versa.

2.  Authenticating a mail ailas rather than to an "entity" like a mailbox or
person.

The reality is:

1.  The same person may have many mailboxes.

2.  That person might have multiple "roles" and should be able to control
security accordingly.

3.  These roles might be needed from any of the mailboxes, especially in a
pinch.  "Potentially" shouldn't mean "always".

and, maybe most important,

4.  The identity you have will most likely be your only prayer for looking
up someone's certificate.

I have a company mailbox, a personal mailbox with PSI, and an occasionally
used one at compuserve.  There have been times when I have been saved by
using the compuserve mailbox as a backup for "company" business. You can't
anticipate these, either: one that comes to mind is when I couldn't get the
modem to train on a  long-distance to the corporate terminal server, but was
able to login to compuserve via a local call.

Follow-Ups:

Re: Aliases (Re-sent)

From: "Perry E. Metzger" <perry@piermont.com>

Prev by Date: Re: owner-spki@c2.org, ietf-pkix@tandem.com
Next by Date: Re: CRLs versus short Validity periods
Prev by thread: Re: Aliases (Re-sent)
Next by thread: Re: Aliases (Re-sent)
Index(es):
- Main
- Thread