[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-CARM] PKI, CAs, TTPs &c.

Perry E. Metzger wrote:
> Tony Bartoletti writes:
> > John Lowry writes:
> > >     Saying that my key is my name is equivalent to
> > >     saying that my pen is my name.  This is nonsense.
> >
> > Unfortunately, saying "My name is Me" is also nonsense.  So what is me?
> Names don't matter. I think that's what we've all been saying for a
> long while. I think answering "What is Me" also doesn't matter.
> Saying "my key is my name" is certainly nonsense, but saying "the
> entity (be it person, group, or alien from Alpha Centauri) that we
> will allow to log on to this computer is the entity that knows the
> private key associated with this public key, and can prove it by
> signing something" is perfectly sensible. No need for names, or even
> for anything other than a simple operational definition.

It may be nonsense, but it certainly isn't equivalent to saying "my pen
is my name". Pens can write all sorts of things, and are fairly
indistinguishable from other pens. The same cannot be said of keys.
Saying "my key uniquely identifies me" strikes me as reasonably valid
(with some provisos), whereas saying "my pen uniquely identifies me" is
(usually) nonsense.

Now, if you want to argue about whether a unique identifier can
reasonably be called a name, there may be some grounds for that
argument. But I can't see that it is in the slightest interesting.

> After all, names are worthless. People change them, people have more
> than one of them, they aren't unique, and they aren't even
> interesting.
> But we've gone over this about two thousand times, haven't we?

At least.



Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache