[Top] [All Lists]

Re: The address-in-certs issue

1997-12-22 08:07:58
From: John Gardiner Myers <jgmyers(_at_)netscape(_dot_)com>

In order for S/MIME agents to interoperate, receiving UA's need to be
able to present an identity of the signer to the user in a manner that
is simple and comprehensible.  This is not going to work if UA's have to
deal with presenting two entirely different syntaxes for identities,
especially if one of them is as complex as the DN syntax.'

This is irrelevant to the question at hand, but why do you feel that
", CN=John Gardiner Myers" is complex and incomprehensible,
whereas "jgmyers(_at_)netscape(_dot_)com" is simple and comprehensible?  And by
extension is "12345,3924(_at_)compuserve(_dot_)com" also more simple and 
than a DN?

The reason this is irrelevant is that there is no reason to either
require or prohibit users from choosing their preferred form of identity.
If some users want identities in RFC822 syntax, that's fine.  If other
users want identities in DN syntax (to enable the same cert to be used
for S/MIME and non-S/MIME purposes, for example), then that's fine too.

You continue to ignore the distinction between an identity and a mailbox.
People normally would want one (or just a few) identities.  But some users
change mailboxes often, or have multiple contemporaneous mailboxes, or use
mail mechanisms that have no meaningful identity at all (IETF terminal
room - "sun19(_at_)ietf(_dot_)newbridge(_dot_)com" for example).
A mailbox is NOT an identity - and as long as you keep using the same word
to refer to two different functions, you will continue to be confused
about the difference between them.

What is more
likely is that UA's are going to have to add a subsystem to map
DN-syntax identites to RFC822 identities and UAs are going to be far
less likely to get the security issues of this mapping right than the
far fewer and better equipped CAs.

Please explain why there is any security issue involved.

If I want to send mail to the person I know as
", CN=John Gardiner Myers", or the person I know as
"jgm+(_at_)cmu(_dot_)edu", then what difference does it make if the mail gets
addressed and delivered to anon3984(_at_)remailer(_dot_)fi as long as it 
winds up in a location where the person holding the private key
corresponding to the certified identity can read it?

To be redundantly didactic, the first two are *identities*, either of
which (the choice is a matter of personal preference) can be used in a
cert.  The third is a *mailbox* which does not belong in a cert at all.
S/MIME user agents will maintain an address book mapping identities
to addresses.  S/MIME user agents might also have a configurable option
to allow checking that the identity and the mailbox are the same and
warning if they are not, for people who choose to use their mailbox as
their identity.  But there is no reason for S/MIME to mandate that:
 1) certs contain mailbox addresses,
 2) certs have identities in RFC822 format, or that
 3) there be any mandatory checking between identities and mailbox

<Prev in Thread] Current Thread [Next in Thread>