RE: [caops-wg] Name Constraints - attempt at framing issues
- To: "David Chadwick" <d.w.chadwick@xxxxxxxxxx>
- Subject: RE: [caops-wg] Name Constraints - attempt at framing issues
- From: "Cowles, Robert D." <rdc@xxxxxxxxxxxxxxxxx>
- Date: Fri, 14 Oct 2005 07:36:51 -0700
- Cc: "CAOPS-WG" <caops-wg@xxxxxxx>
There are lots of people named David ... should they
all be the same person? Maybe they *should*, but
that doesn't make it so. As a relying party, without
a MUST and a reasonable way to implement it with
good controls, I won't count on it. I'm a bit leery
that the CA can ever perform the simpler job, but I can
mitigate that risk by making the users register and
if they want to use a new certificate they have to
register the new one and say it replaces or is to
be used as a synonym for the old one ... not that I
*automatically* assume the two certificates belong to the
same EE.
BC
> -----Original Message-----
> From: David Chadwick [mailto:d.w.chadwick@kent.ac.uk]
> Sent: Friday, October 14, 2005 7:22 AM
> To: Cowles, Robert D.
> Cc: Von Welch; CAOPS-WG
> Subject: Re: [caops-wg] Name Constraints - attempt at framing issues
>
>
>
> Cowles, Robert D. wrote:
> >
>
> > I really have trouble believing that anyone would believe
> > that brett or even brett@isp.net if identified by a certificate
> > from CA1 would have any relationship to the same name appearing
> > in a certificate from CA2.
>
> Dear Bob
>
> I am one of those who think they should refer to the same entity.
>
> David
>
> (In the case of the "email-like" address
> > it depends on (1) the security of the email system ... for instance
> > mindspring doesn't have a secure IMAP or POP option so I've just
> > been sitting thru a conference where a few people's passwords are
> > broadcast on the wireless network in clear text every 10-15 minutes
> > ... (2) the policy of the isp about reuse of ids ... if the user
> > with the email name brett leaves, can I have that id now?
> >
> > Bob
> >
> >
>
> --
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick@kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site: http://sec.cs.kent.ac.uk
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
>