Message-Id: <199401061540(_dot_)KAA13063(_at_)transfer(_dot_)stratus(_dot_)com>
Subject: Re: Naming and other hard problems
Date: Thu, 06 Jan 94 10:28:50 -0500
From: Steve Kent <kent(_at_)BBN(_dot_)COM>
Steve,
I don't want to belabor the point or bore the list to death with this
issue. I seem to be poking my head up once a year or so to say the same
thing (like the dormouse in Alice in Wonderland?), then I go quiet
for another year. It's not important enough to engage in a serious debate.
However, it does strike me every once in a while.
I think you stated the case well in your message.
I think most people want names in certificates to be
descriptive as well as unique, i.e., the name should be easily related
to the real world entity with which the private key is associated.
I would agree that most people want to relate RSA keys to something
physical because I believe that most people want to think about a world of
physical objects rather than a world of mathematical abstractions in which
physical objects are a secondary (almost accidental) characteristic.
My personal preference is the other way (as a mathematician by training, if
not by career).
I bother to poke my head out of the teapot and speak when it becomes
obvious that life is simpler if people abandon this need to translate to
physical objects before doing whatever else is required.
Any scheme that fails to provide this sort of association creates a
need for other, out of band measures to provide that mapping.
Specifically, occasionally I see a case being discussed in which the other,
out of band certification is required anyway and the mapping to and from a
physical object is an unnecessary complication of procedure -- apparently
there only because some people are uncomfortable thinking of living in a
world of abstract objects divorced from any physical body.
For example, there is no need to identify a physical body for a bank
account. All one needs is an RSA key which has been attached to a deposit
and authorized by the depositor to have control over that money from now
on, just as I am free to make a deposit into anyone's account (even yours,
although I've never met you) by number only. In fact, that RSA public key
can be the bank account number. There is no need to certify anything here,
and especially not to identify some human being uniquely, unless you've
started out with a psychological need to tie everything to a physical
object.
This becomes a problem only when there is a debate over format and meaning
of DN which delays the design and implementation of something else.
I find such delays hard to accept.
--------
Anyway -- sorry if I've distracted the group discussion. I'll go back
into the teapot for a while. :-)
- Carl
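
The bank-account scheme described in the message above, as an added example that is not part of the original post: the account number is the RSA public modulus, anyone can deposit by number alone, and a withdrawal is honoured only if it is signed by the matching private key. The names (`Bank`, `make_key`, `sign`), the order format and the sequence counter used to reject replayed orders are assumptions, and the key is a constructed toy using unpadded textbook RSA.

```python
import hashlib

# Constructed toy parameters: real keys need large random primes and a padded
# signature scheme. Textbook RSA is used here only to show the data flow.
E = 65537

def make_key(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, d  # n is both the public key and the account number

def _digest(n, action, amount, seq):
    # Hash of the order, bound to the account number and a sequence number.
    msg = f"{n}|{action}|{amount}|{seq}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(n, d, action, amount, seq):
    return pow(_digest(n, action, amount, seq), d, n)

class Bank:
    def __init__(self):
        # account number (public modulus) -> [balance, next expected sequence]
        self.accounts = {}

    def deposit(self, n, amount):
        # Deposit by number only: no signature, no certificate, no name.
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.accounts.setdefault(n, [0, 0])[0] += amount

    def withdraw(self, n, amount, seq, sig):
        acct = self.accounts.get(n)
        if acct is None or amount <= 0 or amount > acct[0]:
            return False
        if seq != acct[1]:  # assumption: counter rejects replayed orders
            return False
        # The account number itself is the verification key.
        if pow(sig, E, n) != _digest(n, "withdraw", amount, seq):
            return False
        acct[0] -= amount
        acct[1] += 1
        return True
```

The bank never learns who holds the key, which also means a lost or stolen private key cannot be recovered by proving identity.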