Bill Barry wrote:
Sorting out the above statement I get (and agree with) these goals:
Goal 1 - Long lived stable identities/certs (i.e. like a S.S. number)
I certainly don't want to advertise my S.S. number or anything as stable
as my S.S. number on the net, for privacy reasons.
IMHO the dichotomy is clear; we cannot achieve all goals at the same time.
It is the issue of adding and/or editing addresses that would result in
an unstable certificate. I add my voice to those proposing that the
certificate not contain any address.
If you put anything that can change, such as a common name, into a cert,
you get an "unstable" certificate.
If we had some other form of permanent ID in our cyber world then I
would vote that we put it in the cert. Ideally, a recipient would
only need one certificate for their entire life.
What would you suggest? Employers change relatively frequently.
Residence addresses change frequently. State/country of residence
changes occasionally. Even common names change occasionally, especially
for women.
Anything that is hard to change intentionally, such as a S.S. number, is
problematic for privacy reasons.