David P. Kemp wrote:
If we agree that relatively long-lived stable identities are a goal,
and that accommodating environments where mail can reach a given user
by multiple and occasionally or frequently changing addresses is also
a goal, then we can't reach both goals by putting all the delivery
addresses into a cert.
Sorting out the above statement I get (and agree with) these goals:
Goal 1 - Long lived stable identities/certs (i.e. like a S.S. number)
Goal 2 - Allowing frequent change of address (i.e. like moving)
Goal 3 - Accepting use of multiple addresses
IMHO the dichotomy is clear; we cannot achieve all goals at the same time. It
is the issue of adding and/or editing addresses that would result in an
unstable certificate. I add my voice to those proposing that the certificate
not contain any address.
If we had some other form of permanent ID in our cyber world then I would vote
that we put it in the cert. Ideally, a recipient would only need one
certificate for their entire life.
William M. Barry