
Re: RE: The Carl & Bob show


At 09:47 AM 11/21/97 -0700, Bob Jueneman wrote:
>That is an interesting thought.  Obviously if people who "need" to know such
>information could go to the CA and ask for it, the need to include lots of
>personal information in a certificate would be lessened. On the other hand,
>having to go to the CA for that information very often would be inefficient,
>even if they maintained an easily accessible directory containing that
>In addition, including physical locality information (such as street
>address) in a certificate does permit one very useful function -- it allows
>a merchant to restrict delivery of valuable goods to the address specified
>in the certificate, so someone can't steal your key and ask to have a
>Ferrari shipped to some different address.
>So if there is a need to have such physical address information available,
>should it be in the certificate, in a relatively easily accessed directory,
>or locked up on a CA's drawer somewhere? If the information is going to be
>accessible and cross-referenced in a directory, then the privacy issue is
>moot, so the only argument is one of efficiency in processing -- the
>additional space in the certificate vs. the access time to retrieve it from
>some directory.  In general, I would opt for including it in the directory
>in such cases.

To me, address information might be in a certificate held by the user 
to give out to any merchant absolutely requiring it, but I would certainly 
not put it in any routine certificate.  That process runs the danger of a 
certificate becoming an immediate dossier.  One of the things we need to do 
as net system designers is frustrate those who want to build dossiers of 

[history of X.509 as providing access into X.500 directory (omitted)]

>Since X.509 came out of the directory work, the requirement for a DN in the
>certificate was carried over, even though initially there weren't any
>deployed directories to speak of in which to store certificates.

Exactly.  It's a second issue (claim of mine) that such a directory as X.500 
will never come to pass, at least not the way it was originally described to 
me.  As I said to Brian Snow (of R2, NSA) last CRYPTO: when I want to send 
him a confidential message and need his public key, I'll go to the X.500 
directory to find the NSA section and paw through the directory of all NSA 
employees to find his entry -- and then his key.  Right?  Ha!

>Carl likes the idea of using the key (or a hash of the key) as the ID.
>Obviously this would permit a very flat, and presumably efficient search
>strategy.  But this strategy has some problems with it, in that the
>relationship between a user and a key isn't one to one.  The person
>possesses the key, the key doesn't "possess" the person, and it is easy to
>give away the key. In addition, the person may have multiple keys, whereas
>presumably the key doesn't belong to multiple people.

I never claimed we would provide a single, inescapable identity number 
(identifier) for a person.  That's something entirely different from a name 
for a keyholder.  It is also a thing I suspect our society would reject on 
civil liberties grounds.  It is isomorphic with the tattoo on the forearm of 
KL days.

>My house, on the other hand, doesn't possess me (although it sometimes seems
>like it does), but it is strongly tied to me by sole occupancy -- an
>attribute which changes slowly and with difficulty -- about 20,000 pounds of
>difficulty the last time I moved. And because my house doesn't have wheels,
>my address also changes slowly and with difficulty.

I know people with multiple houses.  I also had a roommate who had been an 
Army brat and was able to pack and move in about half an hour.  He was an 
engineer and had engineered a solution to that annoying problem.  It was 
really impressive!  No, he didn't live in an RV.

>The only way I could think of to reasonably solve that problem was to use a
>message digest of a canonical form of the person's birth certificate.  No
>matter how many times they change their names, move around the country, etc,
>even born-again Christians only have one legitimate birth certificate. 

This comes close to one, inescapable ID -- but I know of several people using 
false birth certificates (e.g., those of other people), so it's probably 
not as bad as a tattooed forearm.  Then again, it's not the 1:1 mapping to a 
person you are looking for.

 - Carl


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |