I have a suggestion regarding the relationship between long, unique,
descriptive subject names and network mailbox addresses.
Given that a user typically will not obtain her base certificate from
her e-mail provider, her (external) CA is in a poor position to certify
the correctness of her e-mail address, or verify that it isn't being
wrongfully claimed for some type of scam. Also, as has been noted, she
may wish to change her e-mail provider (e.g., due to service problems)
before her certificate's natural expiration date.
It seems to me that the proper trust architecture here would be to have
the organization that administers the address space issue an "address
certificate" separate from the base certificate, in which they assert
that "mail address" has been assigned to "long user name," -- signed
provider. Then, when she doesn't pay her bill and is dropped from the
service, the provider can just revoke the address certificate. This way
we decouple the troublesome data associations and put each certifier in
the business of certifying only what it really has control over. Of
course it will be trivial for the e-mail provider to verify the proper
name binding, as it need only demand that the applicant for an address
certificate sign their application using their principal identity key.
This is a species of attribute certificate which will be considered as
an element of ANSI X9's forthcoming work on authorization.
Frank Sudia
Bankers Trust Co.
------- End of Forwarded Message