[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Aliases (Re-sent)
[I'd like to ask that replies to this be sent only to the spki mailing
list or the pkix mailing list; we don't need a cross list flame war.]
Joe Tardo writes:
> I have a question for one of the advocates of using "internet" email
> addresses in lieu of distinguished names.
> Is email@example.com (cf: Carl's web page) REALLY firstname.lastname@example.org (cf: Carl's
> posting to this list)? If so, where would I go to look up the alias
> certificate? Will it be in one of email@example.com's signed dns entries?
> I think not.
I don't think there is much of a reason for there to *be* a
certificate saying one is an alias of the other. I don't see that
there would be any real application for such a thing. If I want to
send mail to one or the other, I care only that I have the right key
for the person at the other end. If they are the same key or two
different keys doesn't matter much -- I anticipate in any case people
may have dozens if not hundreds of private keys on their
(automatically maintained) keyrings. If I need to know that both of
those entities are the same, I could get certification of that by
another mechanism -- say, someone sending me a certificatation signed
in both private keys saying that they are the same entity or some
> I just ordered my own acm alias, not only because everybody seems to have
> one, but also to take advantage of the competitive ISP situation. Besides,
> it's cheap. Now, where do I go to get my alias certificate?
Why do you need one?