From: Ian Brown <I(_dot_)Brown(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk>
you can have one cert
that just binds permanent info like a name or perhaps a
lifetime identification (i.e., SSN) number to a key.
Good points, but I think one consideration we must keep in mind is that
we may not *want* a 'permanent' key or binding, for privacy reasons.
Even if the binding is anonymous, long-term use allows profiles to be
built up which may then be re-connected with a user at some later date.
Just a thought...
Ian.
Note, I didn't write the above 2nd-level > > quote, although I agree with it.
Obviously, if you don't want a permanent identity, then don't use
one. There is nothing preventing a particular human from obtaining and
using an arbitrarily large number of certificates (in the limit, a
new cert with a new key and/or new name for each message/transaction/
connection/etc.), regardless of the certificate format being used.
The problem only comes in when users need a permanent identity that lasts
longer then their common name, email address, or public key. *If* such
permanent identifiers are needed, then the requirement can be satisfied
as indicated in the quote, or as I suggested, by using a large random
number as the permanent identity. Name-centric certificates such
as PGP and X.509 are amenable to this usage; it is much more inconvenient
to accommodate names that last longer than principals (keys) when
using key-centric certificates.