Message-Id: <9302242332(_dot_)AA21162(_at_)transfer(_dot_)stratus(_dot_)com>
Subject: Re: Unique DNs (was Re: PEM Test Service)
Date: Wed, 24 Feb 1993 15:32:02 -0800
Since a person's public key is guaranteed unique (or there's a serious flaw
in the key generation algorithm), I fail to see why the DN portion of the
[DN,key] pair needs to be unique.
How would I look you up in the X.500 directory if your DN was the same as
someone elses (a concept with a meaning of which I'm unsure)?
If X.500 needs unique DNs, then that's it's need, not PEM's. Of course,
[DN,key] is unique and could be used for X.500, but [DN,key] is not very
useful for mail routing. A hierarchy like the current domain name system
is better for that. So, if you're using DNs for mail delivery, they need
to be unique and should probably be hierarchical as well.
I realize that that's not what you were asking about, however. So, for the
rest of this message, assume there's some way other than DN to deliver mail
(maybe posting it on a newsgroup) so that there can be non-unique DNs.
Say I wish
to retrieve your public key so that I may encrypt something for you alone.
How do you know me that you want to send me mail and encrypt it for me? If
we have communicated, you would have my key already. If we haven't ever
communicated in any way, someone could have given you my address -- in
which case they could give you my key as well.
If you haven't been given my [DN,key] by anyone but are looking me up in a
database, then that lookup is based on some criterion (eg., "computer
scientist interested in discussing real-time 3D graphics, fault tolerance
or cryptology") -- and if there are 12 such people with the same DN but
different public keys, then it shouldn't matter to which one your mail gets
encrypted and delivered. It doesn't matter because you have no way to tell
one of us from the other.
I'd sure like to be able to find you by some means.
If you know me, you know me -- ie., you know my key. That's my name. From
that, you can find my DN, my mail address, ....
The reason that I brought
the issue of alignment is that if we are going to use X.500 directories for
PEM purposes in the future, we need the DNs to be the same (or very close)
so that there isn't a need to change DNs later. Does this make sense? Did
I miss something in your argument?
I understand a desire not to change DNs.
- SOAP BOX ON
All I was saying was that I see no reason for PEM to derive unique
identities from DNs when the key is unique and the only unique name of a
person you would ever need to have. Granted, once you've uniquely named a
person that way, you might still want secondary information (e-mail
address, where the person works, spoken name, ...) but all of that can be
(has to be) acquired by signed messages establishing relationships.
I see certificates as a systematized means for gathering and distributing
some of those signed messages -- establishing some of those relationships.
It doesn't cover all of them. There's no mechanism for verifying my age,
gender, height, weight, sexual preference, favorite sports, favorite TV
shows, ..., or other things which an e-mail correspondent might very much
want to know.
I realize that this is a silly conversation for me to be having this late
in the game. I have no desire to hold up PEM's release. I like it, just
as it is. (Ie., "it's been too long in coming -- just ship it!")
But, I fail to see why uniqueness of DNs (or even their format) is of any
concern to PEM. It's of concern to others (directory services, mail
delivery, ...) -- and without public keys, you might want DNs to establish
identity -- but once you have keys, you don't need to establish identity in
such an old-fashioned, hierarchical way.
- SOAP BOX OFF
- Carl
- <<Disclaimer: All opinions expressed are my own, of course.>>
- Carl Ellison
cme(_at_)sw(_dot_)stratus(_dot_)com
- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488